Principles of Network & System Administration

Chapter 2: System Components

What is a system?
• The word system refers both to the operating system of a single computer and, collectively, to the set of cooperating computers.
• Def 1: a human-computer system is an organized collaboration between humans and computers to solve a problem or provide a service.
• The term operating system has no rigorously accepted definition. It is often thought of as the collection of all programs bundled with a computer, combining a kernel of basic services with utilities for users.

Network Infrastructure

Figure 2.1 : some of key dependencies in system administration

Network Infrastructure
• Three main components in a human-computer system:
• Humans: the people who use and run the fixed infrastructure, and who cause most of the problems.
• Host computers: computing devices that run software, in either a fixed or a mobile location.
• Network hardware: covers a variety of specialized devices, including the key components:
– Routers: dedicated computing devices that direct traffic around the Internet. Routers talk at the IP address level, OSI layer 3.
– Switches: fixed hardware devices that direct traffic around a local area network. Switches talk at the Ethernet level, OSI layer 2.
– Cables: there are many types of cable that interconnect devices: fiber optic, twisted pair, null modem cables, etc.
• Figure 2.2: The basic elements of the von Neumann architecture

• Each computer has:
– a clock, which drives the CPU
– an array of other devices
• To make all this work together:
– The CPU is designed to run programs and to read from and write to hardware devices.
– The OS is more important still: a software layer that provides working abstractions for programmers and users, consisting of files, processes and services.
– The network is the part of the system that carries messages from one node to another, over wired or wireless links.
– All these parts and levels work together as a system.

Handling Hardware
• Electronic equipment should be treated as highly fragile and easy
• We are far too blasé towards electronic equipment.
– Never insert or remove power without ensuring that the device is switched off.
– Take care when inserting multi-pin connectors.
• More:
• Read the instructions: when dealing with either hardware or software, always look for and read the instruction manual.
• Interfaces and connectors: ………
• Handling components:
• Disk:
• Memory:
• Other things to expect: environment and weather
– Lightning
– Power
– Heat
– Cold
Operating System
• Three (3) elements:
– A technical layer of software for driving the hardware
– A filesystem
– A simple user interface

• Types of OS:
– Windows 3.x
– Mac OS
– Windows 95, 98, ME
– AmigaDOS
– Unix-like
Operating System
• Types of OS (continued):
– NT-like
– Windows 2000 / XP
– OS/390 (z/OS)

Operating System
• Multi-user
– Allows multiple users to share the resources of a single host.
– It is necessary to protect users from one another by giving
• The legacy of insecure operating systems
– Most home computer operating systems did not address security issues at all.
– Mac OS, DOS, Windows 9x, AmigaDOS: essentially insecure, with no limits on what a determined user can do.
• Securable operating systems
– To distinguish them from insecure OSes, we shall refer to OSes like Unix and NT as securable OSes.
– The main reason why DOS, Windows 9x and the classic Macintosh are so susceptible to virus attack: any user (and so any program the user runs) can change the OS files.
– To restrict access to the system, an OS requires a notion of ownership and permission.
Operating System
• Shell or command interpreter
– Today most OSes provide a GUI for all kinds of tasks.
– Windows' proprietary shells are rudimentary.
– Unix shells are rich in capability, and some of them are available for installation on Windows.
– Shells can be used to write simple programs, called scripts or batch files, which simplify repetitive administrative tasks.
• Logs and audits
– OS kernels share resources and offer services.
– They can keep a list of the transactions which have taken place, so that one can later go back and see exactly what happened at a given time.
– Auditing became an issue again in connection with security: organizations became afraid of break-ins by system crackers and wanted to be able to trace activities on the system, in order to look back and find out the identity of the cracker.
Operating System
– For some organizations, auditing is important. One use for auditing is so-called non-repudiation or non-denial (a security feature which encourages users to be responsible for their
• Privileged accounts
– An OS that restricts user privileges needs an account which can be used to configure and maintain the system.
– For Unix, the root account is the privileged account; it is also referred to colloquially as the superuser.
– For Windows, the privileged account is Administrator; this account does not have automatic access to everything.
– Administrator and root accounts should never be used for normal work: too much power.
– Using the privileged account as a normal user would be to make the system as

Operating System
• Comparing Unix-like and Windows computers
– The two most popular classes of operating systems today.
– The file and directory structures of Unix and Windows are different, but both have the same basic elements.
– Unix-like OSes are many and varied, but basically similar in concept.
– Windows has adopted much from the Unix cultural heritage, e.g. renaming \ and / in filenames, changing the names of some commands, etc.
– Windows NT, 2000 and XP are multitasking OSes from Microsoft which allow users to log in to a console or workstation.
– The consoles may be joined together in a network, with common resources shared through an NT domain.
– Windows did not have a remote shell login feature like Unix at the outset.
– One may now obtain a terminal server which gives Windows telnet-like functionality.
Operating System
• Filesystems
– Files and filesystems are at the very heart of what system administration is about.
– Every task in host administration or network configuration involves making changes to files.
– We need to acquire a basic understanding of the principles of filesystems.
– For instance, the fact that old filesystems were only 32-bit addressable, and therefore supported a maximum partition size of 2GB or 4GB.
– Newer filesystems are 64-bit addressable and therefore have essentially no storage limits.
– Unix uses an index node (inode) system of block addressing; DOS uses a tabular lookup system (the file allocation table, FAT).

Operating System
• Unix
– Has a hierarchical filesystem, making use of directories and subdirectories to form a tree.
– All filesystems are based on index nodes, or inodes.
– Every file has an index entry stored in a special part of the
– The inode contains an extensible system of pointers to the actual disk blocks associated with the file.
– The inode also contains the essential information needed to locate a file on the disk.
– The start of the Unix file tree is called the root filesystem, or '/'.

Operating System
• The file hierarchy
– /bin: executable binary programs
– /etc: miscellaneous program configuration files
– /usr: this contains the main meat of Unix
– /usr/bin: more executables from the OS
– /usr/sbin: executables that are mainly of interest to system administrators
– /usr/local: the site's custom software is added here
– /sys: holds (kernel) configuration data on traditional Unix; on Linux, /sys is instead the kernel's sysfs interface
– /export: network server use only
– /dev or /devices: the place where all logical devices are collected
– /home: users' home directories, on some systems
– /root: home directory for root
– /var: mixed, variable files (logs, spools, mail)
Operating System
• Symbolic links
– A pointer or an alias to another file.
– Command: ln -s fromfile /other/directory/tolink (the target comes first, then the name of the link)
• Hard links
– A duplicate directory reference to an inode in the filesystem (ln without -s; only within one filesystem).
• File access control
– Restricts privileges on files in the system.
– Permissions are given separately for the owner, the group and anyone else, alongside the file type.
• For example, the permission
• Type Owner Group Anyone
– d    rwx   r-x   ---

Operating System
• The first column is the textual representation of the protection bits for each file.
• The second column is the number of hard links to the file.
• The third and fourth columns are the user name and group name of the owner.
• The remainder show the file size in bytes and the modification time (ls -l shows the last modification, not the creation time).
• There are 16 protection bits for a Unix file, but only 12 of them can be changed by the user (the nine rwx bits plus setuid, setgid and sticky); the remaining four encode the file type.

Operating System
• Here are some examples of the relationship between the binary, octal and textual representations of file modes.
• Binary        Octal  Text
– 001           1      --x
– 010           2      -w-
– 100           4      r--
– 110           6      rw-
– 101           5      r-x
– 110 100 100   644    rw-r--r--

Operating System
• chmod
• The chmod command changes the permissions, or mode, of a file. Only the owner of the file or the superuser can change the permissions.
• # make writable for everyone (rarely what you want)
– chmod a+w myfile
• # add the user (owner) 'execute' flag for a directory
– chmod u+x mydir/
• # open all files for everyone to read and execute (rwxr-xr-x)
– chmod 755 *
• # set the setgid bit on mydir's group, so files created inside inherit the directory's group
– chmod g+s mydir/
• # descend recursively into the directory, making all files readable by everyone
– chmod -R a+r dir

Operating System
• New file objects: umask
• When a new file is created, the operating system must decide what default protection bits to set on that file. The umask decides this. umask is normally set by each user in his or her .cshrc file (see next chapter).

• umask 077 # safe

• umask 022 # liberal
• umask only removes bits; it never sets bits which were not already in the creation default, 666 for plain files (777 for directories). For instance:
• umask  Permission
– 077    600 (plain)
– 077    700 (dir)
– 022    644 (plain)
– 022    755 (dir)
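The mode arithmetic of the last few slides (octal/text conversion, chmod's symbolic clauses, and umask subtracting bits from 666 or 777), as an added example in Python. This is not code from the lecture or from any chmod implementation: symbolic_chmod covers the [ugoa][+-=][rwxst] subset of chmod(1) syntax, and umask_demo really does create a file and a directory under the given umask on the running (Unix) system and reads back the bits the kernel set.

```python
import os
import stat
import tempfile

# Bit behind each character position of the ls -l text "rwxrwxrwx"
_TEXT_BITS = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
              stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
              stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
_SHIFT = {"u": 6, "g": 3, "o": 0}


def mode_to_text(mode):
    """Render the 12 user-changeable bits as ls -l does: 0o644 -> 'rw-r--r--'.
    setuid/setgid/sticky show as s/s/t in the x position (upper case when x itself is clear)."""
    out = [c if mode & b else "-" for c, b in zip("rwxrwxrwx", _TEXT_BITS)]
    for pos, flag, ch in ((2, stat.S_ISUID, "s"), (5, stat.S_ISGID, "s"), (8, stat.S_ISVTX, "t")):
        if mode & flag:
            out[pos] = ch if out[pos] == "x" else ch.upper()
    return "".join(out)


def text_to_mode(text):
    """Inverse of mode_to_text: 'rwxr-sr-x' -> 0o2755."""
    mode = 0
    for pos, (ch, bit) in enumerate(zip(text, _TEXT_BITS)):
        if ch in "rwxst":            # lower-case s/t imply the x bit is set too
            mode |= bit
        if ch in "sS":
            mode |= stat.S_ISUID if pos == 2 else stat.S_ISGID
        if ch in "tT":
            mode |= stat.S_ISVTX
    return mode


def symbolic_chmod(mode, spec):
    """Apply chmod's symbolic syntax ([ugoa]*[+-=][rwxst]*, comma separated) to a mode.
    A clause with no who-letters is treated as 'a' (chmod(1) would also honour the umask there)."""
    for clause in spec.split(","):
        who, i = "", 0
        while i < len(clause) and clause[i] in "ugoa":
            who, i = who + clause[i], i + 1
        who = "ugo" if (not who or "a" in who) else who
        op, perms = clause[i], clause[i + 1:]
        bits = 0
        for w in who:
            shift = _SHIFT[w]
            if "r" in perms:
                bits |= 4 << shift
            if "w" in perms:
                bits |= 2 << shift
            if "x" in perms:
                bits |= 1 << shift
            if "s" in perms and w == "u":
                bits |= stat.S_ISUID
            if "s" in perms and w == "g":
                bits |= stat.S_ISGID
        if "t" in perms:
            bits |= stat.S_ISVTX
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        elif op == "=":                 # replace the rwx triplets of the named classes
            clear = sum(7 << _SHIFT[w] for w in who)
            mode = (mode & ~clear) | bits
        else:
            raise ValueError(f"bad clause {clause!r}")
    return mode


def apply_umask(umask, is_dir):
    """umask only removes bits from the creation default: 666 for files, 777 for directories."""
    base = 0o777 if is_dir else 0o666
    return base & ~umask & 0o777


def umask_demo(umask):
    """Create a file and a directory under `umask` and report the bits the kernel actually set."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as top:
            plain = os.path.join(top, "plain")
            open(plain, "w").close()                # creat(2) asks for mode 666
            sub = os.path.join(top, "dir")
            os.mkdir(sub)                           # mkdir(2) asks for mode 777
            return (stat.S_IMODE(os.stat(plain).st_mode),
                    stat.S_IMODE(os.stat(sub).st_mode))
    finally:
        os.umask(old)                               # never leave a changed umask behind
```

umask_demo(0o077) returns (0o600, 0o700) and umask_demo(0o022) returns (0o644, 0o755), the same pairs as the table above; a process-wide umask change affects every file the process creates afterwards, which is why the function restores the old value.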

Operating System
• Making programs executable
• A Unix program is normally executed by typing its pathname. If the x (execute) bit is not set on the file, this will generate a 'permission denied' error. This protects the system from interpreting nonsense files as programs.
• To make a program executable for someone, you must therefore ensure that they can execute the file, using a command like
– chmod u+x filename
• This command sets execute permission for the owner of the file; chmod ug+x filename would set execute permission for the owner and for any users in the same group as the file. Note that script programs must also be readable in order to be executable, since the shell has to interpret them by reading them (a compiled binary need only be executable).

Operating System
• chown and chgrp
• These two commands change the ownership and the group ownership of a file.
– chown mark ~mark/testfile
– chgrp www ~mark/www/tmp/cgi.out
• In newer implementations of chown, we can change both owner and group attributes simultaneously, using a dot notation (POSIX specifies a colon in the same position, which current implementations also accept):
– chown mark.www ~mark/www/tmp/cgi.out

Operating System
• Making a group
• The superuser creates groups by editing the file /etc/group (or with a tool such as groupadd). Normally users other than root cannot define their own groups.
• This is a historical weakness in Unix, and one which no one seems to be in a hurry to change. It is possible to 'hack' a solution to this which allows users to create their own groups. The format of the group file is (the empty second field is the group password):
– group-name::group-number:comma-separated-list-of-
Operating System
• ACLs, or access control lists, are a modern replacement for (or extension of) file modes and permissions.
• With access control lists we can specify precisely the access rights to files for each user individually.
• ACLs are literally lists of access rights. Each file has a list of data structures with pairs of names and

Operating System
• The commands to read and write ACLs have the cumbersome names
– getfacl file: examine the ACLs for a file.
– setfacl -s permission file: set ACL entries for a file, replacing the entire list.
– setfacl -m permission file: set ACL entries for a file, adding to (or modifying entries in) the existing list.

Operating System
• mercury% touch testfile
• mercury% getfacl testfile
– # file: testfile
– # owner: mark
– # group: iugroup
– user::rw-
– group::---          #effective:---
– mask:---
– other:---

Operating System
• mercury% setfacl -m user:demos:rw- testfile
• mercury% getfacl testfile
– # file: testfile
– # owner: mark
– # group: iugroup
– user::rw-
– user:demos:rw-      #effective:---
– group::---          #effective:---
– mask:---
– other:---
• Note the #effective column: every named user, named group and owning-group entry is ANDed with the mask entry, so demos has been granted rw- but, with the mask still ---, can in fact do nothing until the mask is raised.

Operating System
• To open a file for reading by a group iugroup, except for one user called robot, one would write:
– mercury% setfacl -m group:iugroup:r--,user:robot:--- testfile
– mercury% getfacl testfile
– # file: testfile
– # owner: mark
– # group: iugroup
– user::rw-
– user:robot:---      #effective:---
– user:demos:rw-      #effective:---
– group::---          #effective:---
– group:iugroup:r--   #effective:---
– mask:---
– other:---
• Again, nothing here is effective until a mask entry granting r-- (or more) is set. On this Solaris-style system the mask must be raised explicitly; Linux setfacl recalculates the mask automatically on every -m unless -n is given, which is why the same commands show different effective rights there.
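To make the mask rule concrete, an added example (Python, written for this page rather than taken from the lecture or from any ACL tool) that parses the final getfacl listing above, recomputes the #effective column, and resolves which entry applies to a given user in the POSIX.1e order: owner, then named user, then owning/named groups, then other. GETFACL_OUTPUT is the listing from the slide with its columns tidied; the with_mask helper imitates what setting a mask entry does, so the effect of raising the mask can be observed without a real ACL-capable filesystem.

```python
# Constructed from the final getfacl listing above (Solaris UFS style, columns aligned).
GETFACL_OUTPUT = """\
# file: testfile
# owner: mark
# group: iugroup
user::rw-
user:robot:---          #effective:---
user:demos:rw-          #effective:---
group::---              #effective:---
group:iugroup:r--       #effective:---
mask:---
other:---
"""

_PERM = {"r": 4, "w": 2, "x": 1}


def perm_bits(text):
    """'rw-' -> 6"""
    return sum(_PERM[c] for c in text if c in _PERM)


def perm_text(bits):
    """6 -> 'rw-'"""
    return "".join(c if bits & v else "-" for c, v in (("r", 4), ("w", 2), ("x", 1)))


def parse_getfacl(text):
    """Return (owner, group, entries); entries are (tag, qualifier, bits) in listing order.
    The trailing #effective annotation is dropped because we recompute it."""
    owner = group = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif not line or line.startswith("#"):
            continue
        else:
            parts = line.split("#")[0].strip().split(":")
            if len(parts) == 2:                       # mask:--- and other:--- carry no qualifier
                parts.insert(1, "")
            tag, qual, perms = parts
            entries.append((tag, qual, perm_bits(perms)))
    return owner, group, entries


def effective_entries(entries):
    """Apply the mask as the kernel does: named users, the owning group and named groups are
    ANDed with the mask; the owner entry (user::) and other are never masked."""
    mask = next((b for t, q, b in entries if t == "mask"), 7)   # no mask entry: nothing is capped
    result = []
    for tag, qual, bits in entries:
        masked = (tag == "user" and qual != "") or tag == "group"
        result.append((tag, qual, bits, bits & mask if masked else bits))
    return result


def access_for(acl_text, user, user_groups):
    """Effective bits for `user` (member of `user_groups`), following the POSIX.1e evaluation
    order. In the group step a bit is granted if any matching group entry grants it after masking."""
    owner, owning_group, entries = parse_getfacl(acl_text)
    eff = {(t, q): e for t, q, b, e in effective_entries(entries)}
    if user == owner:
        return eff[("user", "")]
    if ("user", user) in eff:                     # a named-user entry, even an empty one, is final
        return eff[("user", user)]
    granted, matched = 0, False
    for (t, q), e in eff.items():
        if t == "group" and ((q == "" and owning_group in user_groups) or (q and q in user_groups)):
            matched, granted = True, granted | e
    if matched:
        return granted
    return eff[("other", "")]


def with_mask(acl_text, mask):
    """The listing as it would read after a mask entry is set (what setfacl -m mask:... does)."""
    return "\n".join(("mask:" + mask) if line.startswith("mask:") else line
                     for line in acl_text.splitlines()) + "\n"
```

With the slide's listing, demos and every member of iugroup resolve to --- exactly as the #effective column says; after with_mask(GETFACL_OUTPUT, "rw-"), demos gets rw-, iugroup members get r--, and robot still gets --- because a named-user entry is consulted before any group entry. The owner (mark) keeps rw- throughout, since the owner entry is never masked.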

Operating System
• Windows file model
• The Windows operating system supports a variety of legacy filesystems (FAT16, FAT32) for backward compatibility with DOS and Windows 9x.
• NTFS, like the Unix filesystem, is a hierarchical filesystem with files and directories.
• Each file or directory has an owner, but no group membership. Files do not have a set of default permission bits;

Operating System
• Filesystem layout
• Drawing on its DOS legacy, Windows treats different disk partitions as independent floppy disks, labelled by a letter of the alphabet:
– A: B: C: D: ...
• The system root is usually stored in C:\WinNT (C:\Windows on XP and later) and is generally referred to by the system environment variable %SystemRoot%.

Operating System
– C:\I386: this directory contains binary code and data for the Windows operating system (the installation sources).
– C:\Program Files: Windows's official location for new software.
– C:\Temp: temporary scratch space, like Unix's /tmp.
– C:\WinNT: the root directory for the Windows system. Some programs might install themselves here.
– C:\WinNT\config: configuration information for programs.
– C:\WinNT\system32: the so-called system root, where the system's DLLs and executables live.

Operating System
• File extensions
• Whereas files can go by any name in Unix, Microsoft operating systems have always used the concept of file extensions to identify special file types. For example:
– file.EXE: an executable program
– file.DOC: Word document
– file.JPG: graphic file format
• Because the extension, not a permission bit, decides whether a file is run, Explorer's default of hiding known extensions lets a file named report.doc.exe present itself as a document; an old but still effective trick.

Operating System
• Links and shortcuts
• Windows also has ways of aliasing files in the filesystem.
• Windows has hard links, or duplicate entries in the master file table (MFT), allowing one to associate several names with a given
• This is not a pointer to a file, but an alternative entry point to the same file.
• A shortcut is a small file (.lnk) which contains the name of another file, like a short script. It is normally used for aliasing scripts or
Operating System
• Access control lists
• Windows files and directories have the following attributes. Access control lists are composed of access control entries (ACEs) which consist of: (next figure)
• The read, write and execute flags have the same functions as their counterparts in Unix. The execute flag is always set on .EXE files.
• The additional flags allow configurable behaviour, where the behaviour is standardized in Unix.
• The delete flag determines whether or not a particular user has permission to delete an object.
• The permission and ownership flags likewise determine whether or not a specified user can take ownership of, or modify the permissions on, an object.
Operating System
• Access control lists, or access control entries, are set and checked with either the Windows Explorer program (File/Properties/Security/Permissions menu) or the cacls command.
• This command works in more or less the same way as the POSIX setfacl command, but with different switches.
• E.g.:
– hybrid> CACLS testfile
– C:\home\mark\testfile BUILTIN\Administrators:F
–                       Everyone:C
– hybrid> CACLS testfile /G ds:F
– Are you sure (Y/N)?
– hybrid> CACLS testfile
– C:\home\mark\testfile HYBRID\ds:F
Operating System
• The result:
– hybrid> CACLS testfile /E /G mark:R
– (wait for 30 seconds)
– Are you sure (Y/N)?
– hybrid> CACLS testfile
– C:\home\mark\testfile HYBRID\ds:F
–                       HYBRID\mark:R
• Note that /G without /E replaced the whole list (Administrators and Everyone lost their access in the first step); /E edits the existing ACL instead of replacing it.

Network Filesystem Model
• Unix and Windows have two of the most prevalent filesystem interfaces, apart from DOS itself (which has only a trivial interface), but they are both stunted in their development.
• The Network File System (NFS) for Unix-like operating systems was developed by Sun Microsystems.
• This is a distributed filesystem, mainly for local area networks.
• Other filesystems that are gaining in popularity include the Andrew File System (AFS),

Unix and Windows sharing
• Filesystems can be shared across a network by any of the methods we have discussed above.
• We can briefly note here the correspondence of commands and methods for achieving network sharing.
• Unix-like hosts use NFS to share filesystems, by running the daemons (e.g. rpc.mountd and rpc.nfsd).
• Filesystems are made available for sharing by adding them to the file /etc/exports on most systems, or, confusingly, to /etc/dfs/dfstab on SVR4-based Unix. Classic NFS trusts the numeric UID the client presents, so export only to named hosts, read-only where possible, and keep root mapped to an unprivileged user (root_squash).

• Windows filesystems on a server are shared either using the GUI or by executing the command:
– net share alias=F:\filetree
• On the client side, the file tree can then be 'mounted' by executing the command
– net use X: \\serverhost\alias
• This attaches the remote file tree, referenced by the alias, to the Windows drive X:. One of the logistical difficulties with the Windows drive model is that
• Drive associations can be made to persist by adding a flag to the mount command:
– net use X: \\serverhost\alias /persistent:yes

Process Job Control
• The Unix process model
• Unix starts new processes by copying old ones (fork). Users start processes from a shell command line interface program or by clicking on icons in a window manager.
• Every Unix process has a process ID (PID) which can be used to refer to it, suspend it or kill it entirely.
• A background process is started from a shell using the special character & at the end of the command line (here with csh-style >& also redirecting output to a file):
– find / -name '*lib*' -print >& output &
• Processes can be stopped and started, or killed once and for all. The kill command does this and more: it sends a signal to the process, and what happens depends on the signal.

Process Job Control
• Example
• kill -15 127   # send SIGTERM: ask process 127 to terminate; it may catch the signal and clean up first
• kill 127       # the same; SIGTERM (15) is the default
• kill -9 127    # send SIGKILL: the kernel ends the process immediately; it cannot be caught or ignored
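The difference between kill -15 and kill -9 made observable, as an added example in Python (not code from the lecture). A constructed child program installs a SIGTERM handler that exits with status 3 and reports when the handler is in place; sending SIGTERM lets that handler run, SIGKILL does not, and terminate_with_escalation shows the usual administrator's sequence (polite SIGTERM, then SIGKILL after a grace period) against a child that ignores SIGTERM. Unix only; the signal numbers are the Linux ones.

```python
import signal
import subprocess
import sys

# Child program (constructed for this example): installs a SIGTERM handler that exits with
# status 3, prints "ready" once the handler is in place, then idles.
CHILD_SRC = r"""
import signal, sys, time
def on_term(signum, frame):
    sys.exit(3)              # orderly shutdown path: flush logs, remove a pid file, ...
signal.signal(signal.SIGTERM, on_term)
print("ready", flush=True)
while True:
    time.sleep(0.05)
"""
# Same child, but ignoring SIGTERM: the case where "kill <pid>" silently does nothing.
STUBBORN_CHILD_SRC = CHILD_SRC.replace("signal.signal(signal.SIGTERM, on_term)",
                                       "signal.signal(signal.SIGTERM, signal.SIG_IGN)")


def start_background_child(stubborn=False):
    """Equivalent of 'command &': spawn and do not wait. Returns the Popen handle; its .pid is
    what you would pass to kill(1)."""
    src = STUBBORN_CHILD_SRC if stubborn else CHILD_SRC
    child = subprocess.Popen([sys.executable, "-c", src], stdout=subprocess.PIPE, text=True)
    # Wait for the child to say the handler is installed, otherwise a fast SIGTERM would hit
    # the default action (terminate) before the handler exists: a real race in init scripts.
    assert child.stdout.readline().strip() == "ready"
    return child


def signal_and_wait(signum, timeout=10):
    """Start a child, send it `signum` exactly as kill -<signum> <pid> would, and return how it
    ended: a non-negative exit status, or -N if the kernel killed it with signal N."""
    child = start_background_child()
    try:
        child.send_signal(signum)               # os.kill(child.pid, signum) underneath
        try:
            return child.wait(timeout=timeout)
        except subprocess.TimeoutExpired:       # still alive: nothing polite is left to try
            child.kill()
            return child.wait()
    finally:
        child.stdout.close()


def terminate_with_escalation(child, grace=2):
    """SIGTERM first; SIGKILL if the process has not exited within `grace` seconds.
    Returns (exit status, 'terminated' | 'killed')."""
    try:
        child.send_signal(signal.SIGTERM)
        try:
            return child.wait(timeout=grace), "terminated"
        except subprocess.TimeoutExpired:
            child.kill()                            # SIGKILL: cannot be caught or ignored
            return child.wait(), "killed"
    finally:
        child.stdout.close()


if __name__ == "__main__":
    print("kill -15 ->", signal_and_wait(signal.SIGTERM))     # 3: the handler ran
    print("kill -9  ->", signal_and_wait(signal.SIGKILL))     # -9: no handler could run
    print("stubborn ->", terminate_with_escalation(start_background_child(stubborn=True), grace=1))
```

Popen reports a signal death as a negative return code, so -9 is the verdict you would otherwise read from the shell as exit status 137 (128 + 9). Always escalate rather than starting with -9: a process killed with SIGKILL gets no chance to release locks, flush buffers or remove its pid file.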

Process Job Control
• The Windows process model
• Like Unix, processes under Windows/NT can live in the foreground or in the background, though unlike Unix, Windows does not fork processes by copying existing ones. A background process can be started with
– start /B
• To kill a process it was originally necessary to purchase the Resource Kit, which contains a kill command (Windows XP and later ship taskkill).

• The network is the largest physical appendage to our computer systems, but it is also the least conspicuous, often hidden behind wal
ls and in locked switching rooms, or passing invisibly through us as electromagnetic radiation.
• A network is a number of pathways for communication between two or more hosts.
• Networking is increasingly important, as computers are used more and more as devices for media access rather than for
• Networking raises issues for system management at many
The OSI Model
• The International Organization for Standardization (ISO) has defined a model for describing communications across a network, called the OSI model, for Open Systems Interconnection (reference model).
• This model is a generalized abstraction of how network communication can be and is implemented.
• The model does not fit every network technology perfectly, but it is widely used to discuss and refer to the layers of technology involved in networking.

OSI Model
• 1. Physical layer. This is the sending of a signal along a wire, amplifying it if it gets weak, removing noise, etc. If the type of cable changes (we might want to reflect signals off a satellite or use fiber optics) we need to convert one kind of signal into another. Each type of transmission might have its own accepted ways of sending data (i.e. protocols).
• 2. Data link layer. This is a layer of checking which makes sure that what was sent from one end of a cable to the other actually arrived (framing and error detection). This is sometimes called handshaking. The Ethernet protocol is layer 2, as is Token Ring. This level is labelled by Media Access Control (MAC) addresses.

OSI Model
• 3. Network layer. This is the layer of software which recognizes structure in the network. It establishes global identity and handles the delivery of data by manipulating the physical layer. The network layer needs to know something about addresses, i.e. where the data are going, since data might flow along many cables and connections to arrive where they are going. Layer 3 is the layer at which IP addresses live.
• 4. Transport layer. We shall concentrate on this layer for much of what follows. The transport layer builds 'packets' or 'datagrams' so that the network layer knows what is data and how to get the data to their destination. Because many machines could be talking on the same network all at the same time, data are broken up into short 'bursts'. Only one machine can talk over a cable at a time, so we must have sharing. It is easy to share if the signals are sent in short bursts. This is analogous to the sharing of CPU time by use of time-slices. The TCP and UDP protocols are encoded at this layer.
OSI Model
• 5. Session layer. This is the part of a host's operating system which helps a user program to set up a connection. This is typically done with sockets or RPC.
• 6. Presentation layer. How are the data to be sent by the sender and interpreted by the receiver, so that there is no doubt about their contents? This is the role played by the external data representation (XDR) in the RPC system.
• 7. Application layer. The program which wants to send data has its own protocol layer, typically a command language encoding (e.g. GET, PUT in FTP or HTTP).
• Cables and interface technologies
• Bus/Ethernet approach: Ethernet technology was developed by Xerox, Intel and DEC in 1976, at the Palo Alto Research Center (PARC) [103].
• Token Ring/FDDI approach: in the token ring approach [253], hosts are coupled to hubs or nodes, each of which has two network interfaces, and the hosts are connected in a unidirectional ring.
• Frame Relay is an alternative layer 2 packet-switching protocol for connecting devices on a Wide Area Network (WAN) or backbone. It is used for point-to-point connections, but is capable of basic switching, like ATM, so it can create virtual point-to-point circuits.
• ATM, Asynchronous Transfer Mode technology [23], is a high-capacity, deterministic transmission technology developed by telephone companies in order to exploit existing copper telephone networks.

• Connectivity
• Network cables are joined together by hardware which makes sure that messages are transmitted from cable to segment in the right direction to reach their destinations.
• A host which is coupled to several network segments and which forwards data from one network to another is called a router.
• Routers not only forward data but they prevent the spread of network messages which other network segments do not need to know about.

• A bridge is a hardware device which acts like a filter on a busy
• A bridge works like a 'mini-router' and separates two segments of the same cable.
• A bridge knows which of its cables do not lead to a destination address and prevents traffic from spreading to that part of the cable. A bridge is used to isolate traffic on busy sections of a network or, conversely, to splice networks together. It is a primitive kind of switch.

• A repeater is an amplifier that strengthens the network signal over long stretches of cable.
• A multi-port repeater, also called a hub, does the same thing and also splits one cable into N sub-cables for convenience.
• Hubs are common in twisted pair networks, where it is necessary to fan a cable out into a star pattern from the hub to send one cable to each host. Every host on a hub receives every frame, so a hub is trivial to sniff.

• A switch is a hub which can direct a message from one host cable directly to the intended host, by switching the signal on the basis of the MAC addresses it has learned on each port.
• The advantage of this is that other machines do not have to see the traffic between two hosts.
• Each pair of hosts has a virtual private cable. Switched networks are not immune to spies, net-sniffing or network listening devices (ARP spoofing and MAC-table flooding both defeat the isolation), but they make it more difficult for the casual browser to see traffic that does not concern them.
• A switch performs many of the tasks of a router and vice versa. The difference is that a switch works at layer 2 of the OSI model (i.e. with MAC addresses), whereas a router works at layer 3 (IP addresses).
• A switch cannot route data on a world-wide basis.
LANs, WANs and VLANs
• VLANs (virtual LANs) are a step towards selective filtering at the switch level.
• They allow switches to protect swamped routers by offering different groups, or channels, for related
• LAN: ???
• WAN: ??

Protocols and
• Information transactions take place by agreed standards or
• Protocols exist to make sure that transmitted data are understood by the receiver in the way that the sender
• Protocols are required to make sure that data are understood not only by the receiver, but by all the network hardware which carries them between source and destination.
• The data are wrapped up in envelope information which contains the address of the destination.
• Each transmission layer in the protocol stack (protocol hierarchy) is prefixed with some header information which contains the destination address and other data which identify
Protocols
• The transmission control protocol (TCP) is for reliable, connection-oriented transfer.
• The user datagram protocol (UDP) is a rather cheaper connectionless service, and the Internet control message protocol (ICMP) is used to transmit error messages and routing information for TCP/IP.
• These protocols sit on an address structure (IP) which is hierarchical and routable, which means that IP packets can find their way from any host in the world to any other, so long as they are connected.
• The Ethernet protocol does not know much more about the world than the cable it is attached to.

Protocols
• Windows supports at least three network protocols, running on top of Ethernet.
– NETBEUI: NetBIOS Extended User Interface, Microsoft's own network protocol. This was designed for small networks and is not routable. It has a maximum limit of 20 simultaneous users and is thus hardly usable.
– NWLink/IPX: Novell/Xerox's IPX/SPX protocol suite. Routable. Maximum limit of 400 simultaneous users.
– TCP/IP: standard Internet protocols. The default for Windows-like and Unix-like systems. Novell NetWare and Apple Macintosh systems also support TCP/IP. There is no built-in limit to the number of simultaneous users.

Data Format
• Operating systems (actually the hardware they run on) fall into two categories, known as big-endian and little-endian. The names refer to the byte order of numerical representations.
• The names indicate how large integers (which require, say, 32 bits or more) are stored in memory.
• Little-endian systems store the least significant byte first (at the lowest address).
• Big-endian systems store the most significant byte first. The Internet protocols use big-endian order in their headers ("network byte order"), which is why a little-endian host has to convert with htons/htonl before sending and ntohs/ntohl after receiving.
• For example, the representation of the number 34,677,374 has either of the forms shown in the next figure.
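An added example in Python, not from the lecture, serving both the protocol-stack description above (each layer prefixes its own header) and the byte-order figure: it packs the slide's number 34,677,374 in both byte orders, then wraps a small payload in UDP, IPv4 and Ethernet headers in network byte order and peels them off again, verifying the IP header checksum on the way. The MAC and IP addresses in the usage are constructed test values; the UDP checksum is left at zero, which IPv4 permits.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # '!' = network (big-endian) byte order, as every RFC header field uses


def byte_orders(n):
    """The two in-memory layouts of a 32-bit integer: (little-endian bytes, big-endian bytes)."""
    return struct.pack("<I", n), struct.pack(">I", n)


def misread_as_little_endian(n):
    """What a little-endian host gets if it copies the big-endian wire bytes of n straight into an
    int without ntohl(): the bytes reversed."""
    return struct.unpack("<I", struct.pack(">I", n))[0]


def ipv4_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, complemented. Over a correct header the
    result is 0, which is how a receiver validates it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, payload_len, proto=17, ttl=64, ident=1):
    """20-byte IPv4 header (no options) for a payload of payload_len bytes; proto 17 = UDP."""
    fields = [0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ipv4_checksum(struct.pack(IP_FMT, *fields))   # computed with the checksum field zeroed
    return struct.pack(IP_FMT, *fields)


def udp_header(sport, dport, payload_len):
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)   # UDP checksum optional over IPv4


def ethernet_header(src_mac, dst_mac, ethertype=0x0800):
    """Destination MAC, source MAC, EtherType (0x0800 = IPv4)."""
    def mac(text):
        return bytes.fromhex(text.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype)


def encapsulate(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Application data -> UDP (layer 4) -> IP (layer 3) -> Ethernet (layer 2):
    each layer prepends its own header containing its own kind of address."""
    segment = udp_header(sport, dport, len(payload)) + payload
    packet = ipv4_header(src_ip, dst_ip, len(segment)) + segment
    return ethernet_header(src_mac, dst_mac) + packet


def decapsulate(frame):
    """Peel the headers off again, checking the IP header checksum on the way."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4                    # header length in bytes (options would make it > 20)
    (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack(IP_FMT, packet[:20])
    segment = packet[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "ethertype": ethertype,
        "ip_checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        "ttl": ttl, "proto": proto,
        "sport": sport, "dport": dport,
        "payload": segment[8:ulen],
    }


if __name__ == "__main__":
    little, big = byte_orders(34677374)
    print("little-endian:", little.hex(" "), " big-endian:", big.hex(" "))
    frame = encapsulate("02:00:00:00:00:01", "02:00:00:00:00:02",
                        "10.0.0.1", "10.0.0.2", 40000, 53, b"hello")
    print(len(frame), "bytes on the wire:", decapsulate(frame))
```

byte_orders(34677374) gives 7e 22 11 02 (little-endian) and 02 11 22 7e (big-endian): the same four bytes in opposite order, which is the whole content of the figure. Reading the wire bytes with the wrong order yields 2,116,161,794 instead, the kind of silent corruption that ntohl exists to prevent. A one-bit change anywhere in the IP header makes ip_checksum_ok False, but note that this checksum only covers the header and is no protection against deliberate modification.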

IPv4 networks
• Every network interface on the Internet needs to have a unique number, which is called its address.
• IP addresses are organized hierarchically so that they can be searched for by router networks. Without such a structure, it would be impossible to find a host unless it were part of the same cable segment. At present the Internet protocol is at version 4 and this address consists of four bytes, or 32 bits.
• In the future this will be extended, in a new version of the Internet protocol, IPv6 (128-bit addresses), to allow more IP addresses, since we are rapidly using up the available addresses.
• The addresses will also be structured differently. The form of an IP address in IPv4 is
– aaa.bbb.ccc.mmm

• Networks were grouped historically into three classes, called class A, class B and class C networks, in order to simplify traffic
• Class D and E networks are also now defined, but these are not used for regular traffic.
• The difference between class A, B and C networks lies in which bits of the IP addresses refer to the network itself and which bits refer to actual hosts within a network.

• Class A legacy networks
• IP addresses from 0.0.0.0 to 127.255.255.255 are class A (leading bit 0).
• Originally only 1.0.0.0 to 126.255.255.255 were used, but this is likely to change as the need for IPv4 address space becomes more desperate.
• In a class A network, the first byte is the network part and the last three bytes are the host address. This allows 126 possible networks (since network 127 is reserved for the loopback
• The number of hosts per class A network is 256^3 minus the reserved host addresses on the network, i.e. 16,777,214.
• Default netmask is 255.0.0.0.

• Class B legacy networks
• IP addresses from 128.0.0.0 to 191.255.255.255 are class B (leading bits 10).
• There are 16,384 such networks. The first two bytes are the network part and the last two bytes are the host part.
• This gives a maximum of 256^2 minus the reserved host addresses, or 65,534 hosts per network.
• Default netmask is 255.255.0.0.

IPv4 networks
• Class C legacy networks
• IP addresses from 192.0.0.0 to 223.255.255.255 are class C (leading bits 110).
• There are 2,097,152 such networks. Here the first three bytes are the network address and the last byte is the host part.
• This gives a maximum of 254 hosts per network (256 minus the network and broadcast addresses).
• The default subnet mask is 255.255.255.0.

• Class D (multicast) addresses
• Multicast networks form what is called the MBONE, or multicast backbone.
• These include addresses from 224.0.0.0 to 239.255.255.255.
• These addresses are not normally used for sending data to individual hosts, but rather for routing data to multiple destinations.
• Multicast is like a restricted broadcast. Hosts can 'tune in' to multicast channels by subscribing to MBONE services.
• Class E (experimental) addresses
• Addresses 240.0.0.0 to 255.255.255.255 are unused and are considered experimental, though this may change as IPv4 addresses are depleted.
• Other addresses
• Some IP addresses are reserved for a special purpose. They do not necessarily refer to hosts or networks.
– 0.0.0.0: default route
– 0.*.*.*: not used
– 127.0.0.1: loopback address
– 127.*.*.*: loopback network
– *.*.*.0: network addresses (or old broadcast)
– *.*.*.255: broadcast addresses
– *.*.*.1: router or gateway (conventionally)
– 224.*.*.*: multicast addresses

• RFC 1918 defines private addresses that are not routed on the public Internet:
– 10.0.0.0 - 10.255.255.255 (10/8 prefix)
– 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
– 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
• and, as of July 2001, the link-local range (reserved separately from RFC 1918, but likewise never routed beyond the local segment):
– 169.254.0.0 - 169.254.255.255 (169.254/16 prefix)

• The default route is a default destination for outgoing packets on a subnet and is usually made equal to the router address.
• The loopback address is an address which every host uses to refer to itself internally. It points straight back to the host. It is a kind of internal pseudo-address which allows programs to use network protocols to address local services without anything being transmitted on an actual
• The zeroth address of any network is reserved to mean the network itself, and the 255th (or on older networks sometimes the zeroth) is used for the broadcast address; in general, with subnetting, these are the addresses whose host part is all zeros and all ones. Some Internet addresses are reserved for a special purpose.
• These include network addresses (usually xxx.yyy.zzz.0), broadcast addresses (usually xxx.yyy.zzz.255, but in older networks it was xxx.yyy.zzz.0) and multicast addresses (usually 224.xxx.yyy.zzz).
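The classful rules of the preceding slides, as an added Python example (written for this page, not from the lecture): classify an address by its leading bits, derive the classful network, broadcast, netmask and usable host count, test for RFC 1918 space, and explain why a given dotted quad cannot be a host address (the reserved networks and the all-zeros/all-ones host parts listed above). The last function is the kind of check the "invalid IPv4 host addresses" exercise below asks for, evaluated under classful rules; with subnetting the network and broadcast tests would use the actual mask.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}      # classful netmask lengths


def ipv4_class(addr):
    """Legacy class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def classful_network(addr):
    """The network an address belongs to under the class A/B/C rules (None for D/E)."""
    cls = ipv4_class(addr)
    if cls not in DEFAULT_PREFIX:
        return None
    return ipaddress.ip_network(f"{addr}/{DEFAULT_PREFIX[cls]}", strict=False)


def is_rfc1918(addr):
    """Private per RFC 1918; note 172.32.0.0 is public even though 172.31.255.255 is not."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in RFC1918)


def describe(addr):
    """Class, classful network, broadcast, netmask, usable host count, RFC 1918 flag."""
    net = classful_network(addr)
    info = {"class": ipv4_class(addr), "rfc1918": is_rfc1918(addr)}
    if net is not None:
        info.update(network=str(net.network_address), broadcast=str(net.broadcast_address),
                    netmask=str(net.netmask), hosts=net.num_addresses - 2)
    return info


def why_invalid_host(addr):
    """Reason a dotted quad cannot be assigned to a host interface, or None if it is usable."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:           # covers AddressValueError: bad octet count or octet > 255
        return "not a valid dotted quad (four octets, each 0-255)"
    first = int(ip) >> 24
    if first == 0:
        return "network 0 is reserved (0.0.0.0 is the default route)"
    if first == 127:
        return "127.0.0.0/8 is the loopback network"
    cls = ipv4_class(addr)
    if cls == "D":
        return "class D (224-239) is multicast, not a host address"
    if cls == "E":
        return "class E (240-255) is reserved/experimental"
    net = classful_network(addr)
    if ip == net.network_address:
        return "host part all zeros: this is the network address"
    if ip == net.broadcast_address:
        return "host part all ones: this is the broadcast address"
    return None


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.20.3.4", "192.168.1.7", "224.0.0.9"):
        print(a, describe(a))
    for a in ("192.168.1.0", "192.168.1.255", "127.0.0.1", "224.0.0.9", "1.2.3.256", "192.168.1.7"):
        print(a, "->", why_invalid_host(a) or "valid host address")
```

describe("172.20.3.4") reports class B, network 172.20.0.0, broadcast 172.20.255.255, netmask 255.255.0.0 and 65,534 hosts, and flags the address as RFC 1918 because the 172.16/12 block is not a classful boundary: it spans sixteen class B networks.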

Subnet & Broadcast
• Netmask
• Broadcast
• Interface settings
– The IP address of a host is set on the network interface.
– The Unix command ifconfig (interface configuration; ip addr on current Linux) sets and displays it; the Windows command ipconfig displays it (setting it is done through the GUI or netsh).
• Default route
– Each host must define a default route, which is a destination to which outgoing packets will be sent for processing when they do not belong to the subnet.
– This is the address of the router or gateway on the same network segment. It is set by a command like this:
• route add default my-gateway-address 1

• The default route can be checked using the netstat -r command.
• The result should just be a few lines like this (the Genmask column holds the netmask of each destination; 0.0.0.0 for the default route):
• Kernel IP routing table
• Destination   Gateway   Genmask      Flags   Metric   Ref   Use    Iface
• localnet      *         (netmask)    U       0        0     932    eth0
• loopback      *         255.0.0.0    U       0        0     38     lo
• default       my-gw     0.0.0.0      UG      1        0     1534   eth0
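How the kernel chooses between those rows, as an added Python example (not from the lecture): longest-prefix match over a table in the shape of the netstat -r output above. The numeric values are assumptions for the example (192.168.1.0/24 standing in for "localnet", 192.168.1.1 for "my-gw"); the slide gives only the symbolic names.

```python
import ipaddress

# Constructed routing table in the shape of the netstat -r output above.
ROUTES = [
    # destination        gateway         flags  iface
    ("192.168.1.0/24",   None,           "U",   "eth0"),   # localnet: directly connected
    ("127.0.0.0/8",      None,           "U",   "lo"),     # loopback network
    ("0.0.0.0/0",        "192.168.1.1",  "UG",  "eth0"),   # default via my-gw
]


def parse_table(rows):
    return [(ipaddress.ip_network(dst), gw, flags, iface) for dst, gw, flags, iface in rows]


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins. The default route
    (/0) contains every address, so it is chosen only when nothing more specific matches."""
    ip = ipaddress.ip_address(dst)
    best = None
    for net, gw, flags, iface in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, flags, iface)
    if best is None:
        return None                    # no default route: the kernel reports 'network unreachable'
    net, gw, flags, iface = best
    # Without the G flag the destination is on the local segment: the packet goes to dst itself
    # (ARP for its MAC), otherwise to the gateway (ARP for the gateway's MAC).
    return {"route": str(net), "iface": iface, "next_hop": gw if "G" in flags else str(ip)}


def add_route(table, dst, gw, iface):
    """route add <dst> <gw>: a network route, or a host route (H flag) when dst is a /32."""
    net = ipaddress.ip_network(dst)
    table.append((net, gw, "UGH" if net.prefixlen == 32 else "UG", iface))


if __name__ == "__main__":
    table = parse_table(ROUTES)
    for dst in ("192.168.1.7", "8.8.8.8", "127.0.0.1"):
        print(dst, "->", lookup(table, dst))
```

A packet for 192.168.1.7 is delivered directly on eth0; one for 8.8.8.8 falls through to the default route and is handed to 192.168.1.1. Adding a more specific route (say 10.9.0.0/16 via another gateway) diverts only that range, which is also why a rogue, more specific route injected on a LAN can silently capture traffic.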

• The Address Resolution Protocol (ARP) is a name service directory for translating from an IP address to a hardware, Media Access Control (MAC), address (e.g. Ethernet address). ARP replies are unauthenticated and cached, which is what makes ARP spoofing on a LAN possible.
• The ARP service is mirrored by a reverse lookup ARP service (RARP). RARP takes a hardware address and turns it into an IP address.

• Address space in IPv4
• As we have seen, the current implementation of the Internet protocol has a number of problems.
• The model of classed Internet addresses was connected to the design of early routing protocols. This has proved to be a poor design decision, leading to sparse usage of the available addresses.
• It is straightforward to calculate that, because of the structure of the IP addresses, divided into class A, B and C networks, something under two percent of the possible addresses can actually be used in
• A survey from Unix Review in March 1998 showed that, of the total numbers of addresses, these are already allocated:
• Class     Max possible   Percent allocated
• Class A   127            100%
• Class B   16382          62%
• Class C   2097150        36%
• CIDR (Classless Inter-Domain Routing) was introduced as an interim measure to combat the problems of IP address allocation as well as that of routing table overflow.
• It is also the strategy of choice for IPv6 addressing. The name refers to inter-domain routing because it provides not only an addressing solution, but also an improved model for routing packets, by defining routing domains (distinct from logical domains of the Domain Name
• The IPv4 address space has two problems:
– It is running out of address space, because many addresses are bound up in classes that make them unusable, with the class A, B, C scheme of IP addresses.
– Global routing tables are becoming too large, making routing slow and memory intensive.

• What is meant by a securable operating system?
• Name and describe the layers of the OSI model.
• What are the following?: i) repeater, ii) hub, iii) switch, iv) bridge, v)
• Explain what an access control list is. Compare the functionality of the Unix file permission model with that of access control lists. Given that ACLs take up space and have many entries, what problems do you foresee in administering file security using ACLs?
• Explain why the following are invalid IPv4 host addresses:
• Network Address Translation (NAT) was introduced to provide a 'quick fix' for organizations that required only partial
• In NAT, a network is represented to the outside world by a single official IP address; it shields the remainder of its networked machines on a private network that (hopefully) uses non-routable addresses (usually 10.x.x.x).
• When one of these hosts on the private network attempts to contact an address on the Internet, the Network Address Translator creates the illusion that the request comes from the single representative
• The return data are, in turn, routed back to the particular host 'as if by
• NAT makes associations of this form:
– (private IP, private port) <-> (public IP, public port)
• Note that NAT is not a firewall: inbound packets that match no association are dropped only because there is nowhere to send them, and any explicit filtering policy still has to be configured.
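The association table in action, as an added Python example (written for this page; it models the behaviour described above, not any particular NAT implementation). A deliberately tiny public port pool makes exhaustion visible, outbound packets from non-private sources are refused, and an inbound packet that matches no association is dropped. The public address 203.0.113.1 and the destinations in 198.51.100.0/24 are documentation-range values chosen for the example.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class PortNat:
    """Port-address translation, what most 'NAT' boxes actually do: many private (ip, port)
    pairs share one public IP and are told apart by the public port the translator assigned."""

    def __init__(self, public_ip, first_port=40000, last_port=40002):   # tiny pool, so exhaustion shows
        self.public_ip = public_ip
        self.free_ports = list(range(first_port, last_port + 1))
        self.outbound = {}    # (private_ip, private_port) -> public_port
        self.inbound = {}     # public_port -> (private_ip, private_port)

    def outbound_packet(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network; create an association
        on first use. Returns the (src_ip, src_port, dst_ip, dst_port) seen on the Internet."""
        if not any(ipaddress.ip_address(src_ip) in n for n in RFC1918):
            raise ValueError(f"{src_ip} is not a private address; nothing to translate")
        key = (src_ip, src_port)
        if key not in self.outbound:
            if not self.free_ports:
                raise RuntimeError("public port pool exhausted")   # real boxes expire idle associations
            port = self.free_ports.pop(0)
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def inbound_packet(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving at the public IP, or return None to drop
        it: with no association (an unsolicited connection attempt) it has nowhere to go."""
        key = self.inbound.get(dst_port)
        if key is None:
            return None
        private_ip, private_port = key
        return (src_ip, src_port, private_ip, private_port)

    def expire(self, private_ip, private_port):
        """Tear down an association (connection closed or idle timeout) and recycle its port."""
        port = self.outbound.pop((private_ip, private_port))
        del self.inbound[port]
        self.free_ports.append(port)


if __name__ == "__main__":
    nat = PortNat("203.0.113.1")
    print("out:", nat.outbound_packet("10.0.0.5", 51000, "198.51.100.7", 80))
    print("in: ", nat.inbound_packet("198.51.100.7", 80, 40000))
    print("unsolicited:", nat.inbound_packet("198.51.100.9", 4444, 22))
```

Two private hosts using the same source port get different public ports, which is the reason the port, not just the address, has to be part of the association. The pool here holds three ports; a fourth new flow raises RuntimeError until an association is expired, the small-scale version of the port exhaustion that large NATs hit behind a single address.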

