Network+ Guide to Networks, Chapter 4 Review
Introduction to TCP/IP Protocols
In this
chapter, you will learn about the most commonly used networking protocols,
their components, and their functions. This chapter is not an exhaustive study
of protocols, but rather a practical guide to applying them. At the end of the
chapter, you will have the opportunity to customize how your networked computer
uses protocols. You will also analyze realistic networking scenarios pertaining
to protocols and devise your own solutions. Because protocols form the
foundation of network communications, you must fully understand them to manage
a network effectively.
In the
networking industry, the term protocol is sometimes used to refer to a group,
or suite, of individual protocols that work together. In the sections that
follow, you will learn about the protocol suite that is used on virtually all
networks today—TCP/IP. As a network professional, you may occasionally
encounter obsolete protocol suites that are not detailed in this chapter. But
you will definitely encounter TCP/IP both on the job and in the Network+ certification
exam. To be successful, you need to understand TCP/IP in depth.
Characteristics
of TCP/IP (Transmission Control Protocol/Internet Protocol)
TCP/IP
(Transmission Control Protocol/Internet Protocol) is not simply one protocol,
but rather a suite of specialized protocols—including TCP, IP, UDP, ARP, and
many others—called subprotocols. Most network administrators refer to
the entire group as “TCP/IP,” or sometimes simply “IP.” For example, a network administrator might say, “Our network only
runs IP” when she means that all of the network’s services rely on TCP/IP subprotocols.
TCP/IP’s
roots lie with the United States Department of Defense, which developed TCP/IP
for its Advanced Research Projects Agency network (ARPANET, the precursor to
today’s Internet) in the late 1960s. UNIX and Linux have always relied
on TCP/IP. The most recent versions of all other network operating systems also
use TCP/IP as their default protocol.
Though other protocol suites exist,
TCP/IP has become the standard thanks to several advantages:
· It is open, rather than proprietary—TCP/IP is not owned by a company, which means you do not need to purchase a license to use it. Its specifications are published freely (as RFCs), and anyone may write an implementation.
· It is flexible—The TCP/IP suite of protocols can run on virtually any platform and connect dissimilar operating systems and devices.
· It is routable—TCP/IP transmissions carry Network layer addressing information that can be interpreted by routers to determine the best path for directing data over a network. Not all protocols are routable, and only routable protocols are suitable for large networks.
The
TCP/IP Model
TCP/IP is a
broad topic with numerous technical, historical, and practical aspects.
Advanced TCP/IP topics are covered in Chapter 9. If you want to become an
expert on TCP/IP, consider investing in a book or study guide solely devoted to
this suite of protocols. The TCP/IP suite of protocols can be divided into four
layers that roughly correspond to the seven layers of the OSI model, described
in the following list.
· Application layer—Roughly equivalent to the Application, Presentation, and Session layers of the OSI model. Applications gain access to the network through this layer, via protocols such as HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), Telnet, NTP (Network Time Protocol), and DHCP (Dynamic Host Configuration Protocol), to name only some. The ping utility (sometimes expanded as Packet Internet Groper) is often listed here as well, although it is a diagnostic tool built on ICMP rather than a protocol of its own.
· Transport layer—Roughly corresponds to the Transport layer of the OSI model. This layer holds the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP provides flow control, error checking, and sequencing; UDP provides only port addressing and an optional checksum.
· Internet layer—Equivalent to the Network layer of the OSI model. This layer holds the Internet Protocol (IP), Internet Control Message Protocol (ICMP), Internet Group Management Protocol (IGMP), and Address Resolution Protocol (ARP). These protocols handle addressing, routing, and address resolution.
· Network Interface layer (or Link layer)—Roughly equivalent to the Data Link and Physical layers of the OSI model. Functions in this layer handle framing of data and transmission over the physical network interface.
Unlike
the OSI model, the TCP/IP model grew to describe how protocols work after the
protocols were widely in use. For this reason, it is sometimes considered more
practical than the OSI model, which is considered more theoretical.
Understanding what functions belong to each layer of the models will come in
handy when you’re troubleshooting problems. For example, a simple test might
indicate that a transmission is breaking down at the Transport layer. Although
you might not know the cause of the problem, narrowing down its scope in this
way will lead you and your colleagues to the next step in assessing and fixing
the problem.
The TCP/IP Core Protocols
Certain
subprotocols of the TCP/IP suite, called TCP/IP core protocols, operate in the
Transport or Network layers of the OSI model and provide basic services to
protocols in other layers. As you might guess, TCP and IP are the most
significant protocols in the TCP/IP suite. These and other core protocols are
introduced in the following sections.
TCP (Transmission Control
Protocol)
TCP (Transmission Control Protocol) operates in the
Transport layer of the TCP/IP and OSI models and provides reliable data
delivery services. TCP is a connection-oriented subprotocol,
which means that a connection must be established between communicating nodes
before this protocol will transmit data. As an analogy, suppose you
were standing by a lake trying to communicate with a friend in a boat floating
100 yards offshore on a foggy afternoon. You need to give her an urgent message
about a storm that’s fast approaching. You could shout at her, but you might
not know whether she heard you correctly, if at all. To be certain she gets
your message, it would be better to call her cell phone and talk. Similar to
completing a phone call and making sure your friend answers and can hear you
before you tell her about the storm, in data communications, TCP is the protocol that ensures a
connection has been made before it allows the message to continue. TCP further
ensures reliable data delivery through sequencing and checksums.
In
the analogy of communicating with a friend offshore, this would be similar to
asking her to confirm that she understood your warning. Without TCP’s
connection and its sequencing and checksum measures, data would be transmitted
indiscriminately. If not for TCP, a host would issue data without knowing
whether the destination node was offline, for example, or whether the data
became corrupt during transmission. This would be like shouting a lot of
warnings to your offshore friend without making sure she understood—and then
walking away. Finally, TCP provides
flow control to ensure that a node is not flooded with data. In the
case of communicating with a friend in a boat, this would be like speaking
slowly enough over the phone so that she can hear every word and understand
your message. Fields belonging to a TCP segment are defined in Table 4-1.
Table 4-1 Fields in a TCP segment (in the order they appear on the wire)
Field | Length | Function
Source port | 16 bits | Indicates the port number at the source node. A port number is the address on a host where an application makes itself available to incoming or outgoing data.
Destination port | 16 bits | Indicates the port number at the destination node.
Sequence number | 32 bits | Identifies the position of the first data byte of this segment in the sender's stream of bytes. A SYN or FIN flag also consumes one sequence number.
Acknowledgment number (ACK) | 32 bits | When the ACK flag is set, carries the sequence number of the next byte the sender expects to receive, which confirms receipt of everything before it.
TCP header length (data offset) | 4 bits | Indicates the length of the TCP header in 32-bit words (5 to 15, that is, 20 to 60 bytes) and therefore where the data begins.
Reserved | 3 bits | Reserved for later use. (Older descriptions list 6 reserved bits; three of those have since been assigned to the NS, CWR, and ECE flags.)
Flags | 9 bits (the six classic flags plus NS, CWR, and ECE) | A collection of 1-bit fields that signal special conditions. The following classic flags are available for the sender's use:
· URG—If set to 1, the Urgent pointer field contains information for the receiver. (Urgent data is rarely used today and is handled inconsistently by implementations.)
· ACK—If set to 1, the Acknowledgment number field contains information for the receiver. (If set to 0, the receiver will ignore the Acknowledgment number field.)
· PSH—If set to 1, it indicates that data should be delivered to the application without waiting to fill a buffer.
· RST—If set to 1, the sender is aborting the connection, for example because a segment arrived for a port with no listener or for a connection it does not recognize.
· SYN—If set to 1, the sender is requesting a synchronization of the sequence numbers between the two nodes. This flag is used when TCP requests a connection, to carry the initial sequence number.
· FIN—If set to 1, the sender has no more data to send and wants to close its side of the connection.
The CWR and ECE flags belong to Explicit Congestion Notification (RFC 3168) and are described with Figure 4-3.
Sliding-window size (or window) | 16 bits | Indicates how many bytes the receiver is currently willing to accept beyond the data it has acknowledged; the sender may have at most that many unacknowledged bytes in flight. This field performs flow control, preventing the receiver from being deluged with bytes. For example, suppose a server advertises a window of 4000 bytes. Also suppose the client has already issued 1000 bytes, 250 of which have been acknowledged by the server, so 750 bytes remain unacknowledged. Therefore, the client can issue only 3250 additional bytes until it receives acknowledgment for some of those 750 bytes. (The window scale option negotiated during connection setup multiplies this 16-bit value so that high-bandwidth links can keep more data in flight.)
Checksum | 16 bits | Allows the receiving node to determine whether the TCP segment became corrupted during transmission. The checksum covers the TCP header and data together with a pseudo-header containing the source and destination IP addresses, so a segment delivered to the wrong host also fails the check.
Urgent pointer | 16 bits | When the URG flag is set, gives the offset from the sequence number to the end of the urgent data in the data field.
Options | 0–320 bits (up to 40 bytes) | Specifies special options, such as the maximum segment size (MSS) the sender is willing to receive, window scaling, or selective acknowledgment.
Padding | Variable | Contains filler bits to ensure that the size of the TCP header is a multiple of 32 bits.
Data | Variable | Contains data originally sent by the source node. The size of the Data field depends on how much data needs to be transmitted, the constraints on the TCP segment size imposed by the network type, and the limitation that the segment must fit within an IP packet.
In the Chapter 2
discussion of Transport layer functions, you learned how TCP establishes
connections for HTTP requests. You also saw an example of TCP segment data from
an actual HTTP request. However, you might not have understood what all of the
data meant. Now that you know the function of each TCP segment field, you can
interpret its contents. The figure
below
offers another look at the TCP segment.
Figure 4-3 TCP segment data
Transmission Control Protocol, Src Port: http (80), Dst Port: 1958 (1958), Seq: 3043958669, Ack: 937013559, Len: 0
Source port: http (80)
Destination port: 1958 (1958)
Sequence number: 3043958669
Acknowledgment number: 937013559
Header length: 24 bytes
Flags: 0x0012 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 5840
Checksum: 0x206a (correct)
Options: (4 bytes)
Maximum segment size: 1460 bytes
Suppose
the segment in Figure 4-3 was sent from computer B to computer A. Begin interpreting
the segment at the Source port line. Notice the segment was issued from
computer B’s port 80, the port assigned to HTTP by default. It was addressed to
port 1958 on computer A. The sequence number for this segment is 3043958669.
The next segment that computer B expects to receive from computer A will have
the sequence number of 937013559 because this is what computer B has entered in
the Acknowledgment field. By simply having a value, the Acknowledgment field
performs its duty of letting a node know that its last communication was
received. By indicating a sequence number, the Acknowledgment field does
double-duty. Next, look at the Header length field. It indicates that the TCP header is 24 bytes long—4 bytes larger than its minimum size—which means that an option was specified (the 4-byte maximum segment size option shown at the bottom of the figure). In the flags category, notice that there are two unfamiliar flags: Congestion Window Reduced (CWR) and ECN-Echo (ECE). These belong to Explicit Congestion Notification (ECN, RFC 3168), an optional mechanism that lets routers mark packets instead of dropping them when congestion builds. Support for ECN is negotiated while the connection is being established, and the two flags are then used throughout the connection: the receiver sets ECE to report a congestion mark, and the sender sets CWR to confirm that it has slowed down. In this segment, neither is set, so ECN is not in use. Of all the possible flags in the Figure 4-3 segment, only the ACK and SYN flags are set. This means that computer B is acknowledging the SYN it received from computer A and also supplying its own initial sequence number. The window size is 5840, meaning that computer B can accept 5840 bytes of data from computer A beyond what it has acknowledged, even while this segment remains unacknowledged. The Checksum field holds the result of the error-checking algorithm, which covers the TCP header and data together with a pseudo-header made from the IP addresses, the protocol number, and the segment length. In this case, the checksum is 0x206a. When computer A receives this segment, it will perform the same calculation over what arrived, and only if the result verifies will it accept the segment; because the pseudo-header is included, a segment that reached the wrong IP address fails the check as well. Finally, this segment uses its Options field to specify a maximum segment size of 1460 bytes, the largest TCP payload computer B is willing to receive in one segment. Note that a computer doesn’t “see” the TCP segment as it’s shown in Figure 4-3. This figure was obtained by using a protocol analyzer program that translates each packet into a user-friendly form. From the computer’s standpoint, the TCP segment is simply a sequence of bytes, which the analyzer displays in hexadecimal. The computer does not need any labels to identify the fields because, as long as TCP/IP protocol standards are followed, it knows exactly where each byte of data is located. The TCP segment pictured in Figure 4-3 is part of the process of establishing a connection between computer B and computer A.
In fact, it is the second segment of three used to establish a TCP connection. In the first step of establishing this connection, computer A issues a segment to computer B with its SYN flag set, indicating the desire to communicate and synchronize sequence numbers. In its Sequence number field, it sends a randomly chosen initial sequence number that will be used to synchronize the communication. (A SYN segment's ACK flag is 0, because there is nothing to acknowledge yet.)
In Figure 4-4, for example, this number is 937013558. After computer B receives this segment, it responds with a segment whose ACK and SYN flags are both set. In computer B's transmission, the Acknowledgment number field contains the sequence number computer A originally sent plus 1, because a SYN consumes one sequence number. As Figure 4-4 illustrates, computer B sends the number 937013559. In this manner, computer B signals to computer A that it has received the request for communication and, further, that it expects computer A's next byte to carry the sequence number 937013559. In its own Sequence number field, computer B sends its own randomly chosen initial sequence number (in Figure 4-4, this number is 3043958669), which computer A will use to acknowledge that it received computer B's transmission. Next, computer A issues a segment whose sequence number is 937013559 (because this is what computer B indicated it expects to receive). In the same segment, computer A also communicates a sequence number via its Acknowledgment number field. This number equals the sequence number that computer B sent plus 1. In the example shown in Figure 4-4, computer A expects 3043958670 to be the sequence number of the next segment it receives from computer B. This third segment completes the handshake. Because it carries no data, it does not consume a sequence number, so computer A's first data segment also starts at 937013559, and computer B's next segment (not shown in Figure 4-4) carries sequence number 3043958670 and acknowledges 937013559 plus however many data bytes it has received from computer A. The two nodes continue communicating this way until one of them issues a segment whose FIN flag is set, indicating that it has no more data to send; the other side acknowledges the FIN and eventually sends its own, closing the connection in both directions.
Because the initial sequence numbers are chosen at random, an attacker who cannot observe the traffic has difficulty injecting segments into an established connection; predictable initial sequence numbers were a well-known weakness of early TCP implementations.
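The segment decoded above and the handshake just traced, as an added example that is not from the textbook: a small Python builder and parser for TCP segments. It reconstructs the SYN-ACK of Figure 4-3 from the field values printed in the figure, using the IP addresses shown in Figure 4-7 (assumed here to belong to the same packet; with them, the computed checksum reproduces the figure's 0x206a), decodes the flag bits including CWR and ECE, extracts the MSS option, verifies the checksum over the pseudo-header plus the whole segment, and works out the sequence and acknowledgment numbers of the three-way handshake from the initial sequence numbers given with Figure 4-4. The function and variable names are this example's own.

```python
import struct

# Bit positions of the TCP flags inside the 16-bit "data offset / reserved / flags"
# word. ECE and CWR (RFC 3168) and NS (RFC 3540) occupy bits older texts call
# "reserved"; a segment with only ACK and SYN set shows 0x012 in this word.
TCP_FLAGS = {"FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008,
             "ACK": 0x010, "URG": 0x020, "ECE": 0x040, "CWR": 0x080, "NS": 0x100}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, returned complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """The TCP checksum covers a pseudo-header (IPv4 addresses, a zero byte,
    protocol 6, TCP length) followed by the entire segment: header, options, data."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    return internet_checksum(pseudo + segment)


def build_segment(src_port, dst_port, seq, ack, flags, window,
                  src_ip, dst_ip, options=b"", payload=b"") -> bytes:
    """Assemble a TCP segment with a correct checksum; options are padded to 32 bits."""
    options += b"\x00" * (-len(options) % 4)
    header_len = 20 + len(options)
    offset_flags = ((header_len // 4) << 12) | flags
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_flags, window, 0, 0)   # checksum, urgent pointer = 0
    segment = header + options + payload
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def parse_segment(segment: bytes) -> dict:
    """Decode the fixed header, the flag bits and the MSS option (kind 2)."""
    (src, dst, seq, ack, offset_flags,
     window, csum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_flags >> 12) * 4
    flags = {name for name, bit in TCP_FLAGS.items() if offset_flags & bit}
    mss = None
    opts, i = segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:              # end of option list
            break
        if kind == 1:              # NOP, used for alignment
            i += 1
            continue
        length = opts[i + 1]
        if length < 2:             # malformed option: stop instead of looping forever
            break
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": csum, "urgent": urgent, "mss": mss,
            "payload": segment[header_len:]}


def checksum_ok(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """Summing a segment that includes its own checksum gives all ones, so the
    complemented result is zero exactly when nothing was corrupted."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


def handshake(isn_a: int, isn_b: int) -> list:
    """(sender, flags, seq, ack) for the three-way handshake. A SYN consumes one
    sequence number; the final data-less ACK does not."""
    return [("A", {"SYN"}, isn_a, 0),
            ("B", {"SYN", "ACK"}, isn_b, isn_a + 1),
            ("A", {"ACK"}, isn_a + 1, isn_b + 1)]


# Constructed sample: the SYN-ACK of Figure 4-3 with the addresses of Figure 4-7.
# The MSS option is kind 2, length 4, value 1460.
SRC_IP = bytes([140, 147, 249, 7])
DST_IP = bytes([10, 11, 11, 51])
SYN_ACK = build_segment(80, 1958, 3043958669, 937013559,
                        TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"], 5840,
                        SRC_IP, DST_IP, options=struct.pack("!BBH", 2, 4, 1460))

if __name__ == "__main__":
    print(parse_segment(SYN_ACK))
    print("checksum ok:", checksum_ok(SRC_IP, DST_IP, SYN_ACK))
    for who, flags, seq, ack in handshake(937013558, 3043958669):
        print(who, sorted(flags), "seq", seq, "ack", ack)
```

Flipping any single bit in the segment (or delivering it to a different IP address, which changes the pseudo-header) makes checksum_ok return False, which is the property the text describes; the option parser stops on a malformed length rather than trusting it, a habit worth keeping in any packet-handling code.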
TCP
is not the only core protocol at the Transport layer. A similar but less
complex protocol, UDP, is discussed next.
UDP (User Datagram
Protocol)
UDP (User Datagram Protocol), like TCP, belongs to the Transport layer of the TCP/IP and OSI models. Unlike TCP, however, UDP is a connectionless transport service. In other words, UDP offers no assurance that datagrams will be received in the correct sequence. In fact, this protocol does not guarantee that the datagrams will be received at all.
Furthermore, it provides no acknowledgments, retransmission, flow control, or sequencing; its only error detection is a checksum, and that checksum is optional in IPv4 (it must be used over IPv6). In the analogy of trying to communicate from shore to a friend on a boat, this would be like shouting into the fog without making sure she heard you correctly, if at all. UDP’s lack of sophistication makes it more efficient than TCP. It can be useful in situations in which a great volume of data must be transferred quickly, such as live audio or video transmissions over the Internet. In these cases, TCP—with its acknowledgments, checksums, and flow-control mechanisms—would only add more overhead to the transmission, and a retransmitted audio sample would arrive too late to be useful anyway. UDP is also more efficient for carrying short request and response messages that fit within one packet, such as DNS queries. In contrast to a TCP header’s 10 mandatory fields, the UDP header contains only four fields: Source port, Destination port, Length, and Checksum, for a fixed size of 8 bytes. Because there is no connection setup, nothing in UDP itself tells the receiver whether a datagram’s source address is genuine; applications that need that assurance must provide it themselves.
Now
that you understand the functions of and differences between TCP and UDP, you
are ready to learn more about IP (Internet Protocol).
IP (Internet Protocol)
IP
(Internet Protocol) belongs to the Internet layer of the TCP/IP model and the
Network layer of the OSI model. It
provides information about how and where data should be delivered, including
the data’s source and destination addresses. IP is the subprotocol that enables TCP/IP to internetwork—that is, to
traverse more than one LAN segment and more than one type of network through a
router. As you know, at the Network layer of the OSI model, data are
formed into packets, also known as datagrams. The IP packet acts as an envelope
for data and contains information necessary for routers to transfer data
between different LAN segments.
Two versions of the IP protocol are used on networks today. IPv4, standardized in 1981 (RFC 791), is still the standard on most networks. IPv4 is an unreliable, connectionless protocol, which means that it does not guarantee delivery of data. IP supplies the addressing; reliability, where it is needed, is added by higher-level protocols of the TCP/IP suite, such as TCP, that run on top of it. The newer version of IP, IPv6, also known as IP next generation, or IPng, was published in 1998 (RFC 2460).
Most new applications, servers, clients, and network devices support IPv6. However, due to the cost of upgrading infrastructure, many organizations have hesitated to upgrade from IPv4. Switching to IPv6 has advantages. IPv6 was designed with IPsec as part of the specification (although in practice its use remains optional), offers better prioritization provisions than IPv4, and supports automatic address configuration. But perhaps the most valuable advantage IPv6 offers is its vastly larger address space: 128-bit addresses instead of 32-bit ones.
IPv4 Packets
Due to the added information it carries, IPv6 uses different packets than IPv4. The following sections describe both types of packets in detail. The IPv4 packet fields are explained in Table 4-2.
Table 4-2 Fields in an IPv4 packet
Field | Length | Function
Version | 4 bits | Identifies the version number of the protocol—for example, IPv4 or IPv6. The receiving node looks at this field first to determine whether it can read the incoming data. If it cannot, it will reject the packet.
Internet header length (IHL) | 4 bits | Identifies the number of 4-byte (or 32-bit) words in the IPv4 header. The minimum, and by far the most common, header is 20 bytes, or five 4-byte words, so IHL is normally 5; the maximum is 15 words, or 60 bytes. This field indicates to the receiving node where data will begin (immediately after the header ends).
Differentiated Services (DiffServ) | 8 bits | Informs routers of the level of precedence they should apply when processing the incoming packet. The upper 6 bits, the Differentiated Services Code Point (DSCP), allow up to 64 values and a wide range of priority handling options; the low 2 bits carry Explicit Congestion Notification (ECN). This field was originally called Type of Service.
Total length | 16 bits | Identifies the total length of the IP packet, including the header and data, in bytes. An IP packet, including its header and data, cannot exceed 65,535 bytes.
Identification | 16 bits | Identifies the message to which a packet belongs and enables the receiving node to reassemble fragmented messages. This field and the following two fields, Flags and Fragment offset, assist in reassembly of fragmented packets.
Flags | 3 bits | The first bit is reserved and must be 0. The Don't Fragment (DF) bit tells routers to discard the packet rather than fragment it if it is too large for the next link. The More Fragments (MF) bit is set on every fragment except the last.
Fragment offset | 13 bits | Identifies where the packet fragment belongs in the original datagram, measured in 8-byte units (so every fragment except the last carries a multiple of 8 data bytes).
Time to Live (TTL) | 8 bits | Indicates how much longer the packet may remain on the network before it is discarded. Although this field was originally meant to represent units of time, on modern networks it represents the number of router hops the packet may still make. Therefore, TTL is often called the hop limit. The initial TTL is variable and configurable, but is usually 64 (Linux, macOS) or 128 (Windows). Each router that forwards the packet reduces its TTL by 1 and, because the TTL is covered by the header checksum, recomputes the checksum. When the decrement would bring the TTL to 0, the router discards the packet instead of forwarding it and normally reports the event to the sender with an ICMP Time Exceeded message, which is what traceroute relies on.
Protocol | 8 bits | Identifies the type of Transport layer (or other) protocol that will receive the datagram—for example, 1 for ICMP, 6 for TCP, or 17 for UDP.
Header checksum | 16 bits | Allows the receiving node to calculate whether the IP header has been corrupted during transmission. If the checksum accompanying the message does not have the proper value when the packet is received, the packet is presumed to be corrupt and is discarded. The checksum covers only the header; the payload is protected by the Transport layer checksum, if any.
Source IP address | 32 bits | Identifies the full IP address of the source node.
Destination IP address | 32 bits | Indicates the full IP address of the destination node.
Options | Variable | May contain optional routing and timing information. Options are rarely used on modern networks, and many firewalls drop packets carrying options such as source routing.
Padding | Variable | Contains filler bits to ensure that the header is a multiple of 32 bits.
Data | Variable | Includes the data originally sent by the source node, plus the Transport layer header (TCP or UDP) that encapsulates it.
In
the Chapter 2 discussion of the OSI model’s Network layer functions, you were
introduced to IP and the data contained in its packets. You also saw an example
of IPv4 packet data from an actual HTTP request. However, you might not have
understood what all of the data meant. Now that you are familiar with the
fields of an IPv4 packet, you can interpret its contents. Figure 4-7 offers
another look at the IPv4 packet.
Figure 4-7 IPv4 packet data
Internet Protocol, Src Addr: 140.147.249.7 (140.147.249.7), Dst Addr: 10.11.11.51 (10.11.11.51)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 44
Identification: 0x0000 (0)
Flags: 0x04
.1.. = Don’t fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x9ff3 (correct)
Source: 140.147.249.7 (140.147.249.7)
Destination: 10.11.11.51 (10.11.11.51)
Begin
interpreting the datagram in Figure 4-7 with the Version field, which indicates
that this transmission relies on version 4 of the Internet Protocol. Next,
notice that the datagram has a header length of 20 bytes. Because this is the
minimum size for an IP header, you can deduce that the datagram contains no
options or padding. In the Differentiated Services field, no options for priority
handling are set, which is not unusual in routine data exchanges such as
retrieving a Web page. The total length of the datagram is given as 44 bytes.
This makes sense when you consider that its header is 20 bytes and the TCP
segment that it encapsulates is 24 bytes.
Considering that the maximum size of an IP packet is 65,535 bytes, this is a very small packet. Next in the IP datagram is the Identification field, which identifies the datagram for reassembly purposes. This packet, the first one issued from computer B to computer A in the TCP connection exchange, is identified in hexadecimal notation as 0x0000. In the Flags field, the Don’t Fragment bit is set to 1, so routers along the path must not split this packet; if it were too large for some link, they would discard it and report the problem to the sender with an ICMP message. The More Fragments bit is 0 and the Fragment offset is 0, which together tell you that this datagram is complete, not a piece of a larger one. This datagram’s TTL (Time to Live) is set to 64. That means that if the packet were to keep traveling across a network, it could be forwarded by at most 64 routers before it was discarded. The Protocol field is next. It indicates that encapsulated within the packet is a TCP segment. TCP is always indicated by the value 0x06 (decimal 6); UDP would be 0x11 (17) and ICMP 0x01 (1). The next field provides the header checksum, 0x9ff3, which the recipient of this packet recomputes over the 20-byte header to determine whether the header was damaged in transit. Finally, the last two fields in the packet show the logical addresses for its source and destination.
IPv6 Packets
As you have learned, IPv6 was designed to offer better prioritization, better security, and a much larger range of IP addresses than IPv4. The fields in an IPv6 packet header, explained in Table 4-3, reflect those enhancements. The IPv6 header has a fixed length of 40 bytes: there is no header length field, no fragmentation fields, and no header checksum. Anything optional is carried in extension headers placed between the fixed header and the payload.
Table 4-3 Fields in an IPv6 packet
Field | Length | Function
Version | 4 bits | Indicates what IP version the packet uses.
Traffic class | 8 bits | Identifies the packet’s priority. It plays the same role as the Differentiated Services (formerly Type of Service) field in IPv4 packets and is divided the same way: 6 bits of DSCP and 2 bits of ECN.
Flow label | 20 bits | Indicates which flow, or sequence of packets issued from one source to one or multiple destinations, the datagram belongs to. Routers can use the label to recognize packets of the same flow without inspecting the Transport layer header, for example to keep them on the same path; it does not guarantee that they arrive together. Flow information may also help with traffic prioritization.
Payload length | 16 bits | Indicates the size, in bytes, of everything that follows the 40-byte fixed header, including any extension headers. Unlike the Total length field in IPv4 packets, the Payload length in IPv6 packets does not include the fixed header itself.
Next header | 8 bits | Identifies the type of header that immediately follows the fixed IPv6 header: a Transport layer protocol (TCP, 6; UDP, 17), ICMPv6 (58), or an IPv6 extension header, which in turn carries its own Next header field.
Hop limit | 8 bits | Indicates the number of times that the packet can be forwarded by routers on the network, similar to the TTL field in IPv4 packets. Each router decrements it, and a packet whose hop limit would reach 0 is discarded.
Source address | 128 bits | Identifies the full IP address of the transmitting node.
Destination address | 128 bits | Identifies the full IP address of the receiving node.
If
you compare the fields and functions listed in Table 4-3 with those listed for
the IPv4 packet in Table 4-2, you’ll notice some similarities and some
differences. For example, both packets begin with a 4-bit Version field. Other
fields, such as the TTL in IPv4 and the Hop limit in IPv6, are similar, but
slightly different. One striking difference between the two versions is that
IPv6 packets accommodate the much longer IPv6 addresses.
Figure 4-9 shows the contents of an actual IPv6 packet header. This packet formed part of a message issued by ping, a common diagnostic tool that is described in detail later in this chapter. First in the header comes the Version field, which indicates that this transmission relies on version 6 of the Internet Protocol, expressed in binary format as 0110. (Recall from Chapter 2’s discussion of binary conversion that 0110 would be 0 x 8 + 1 x 4 + 1 x 2 + 0 x 1, or 6, in decimal format.)
Next, notice that the Traffic class and Flow label fields are both set to 0. That means values for these fields have not been specified. Without Traffic class or Flow label information, routers receiving this packet will give it default treatment rather than any special priority or flow handling. For many types of traffic, this is perfectly acceptable. Next in the IPv6 header comes the Payload length field, with a value of 64, which means the packet carries 64 bytes after the fixed header (a typical default for ping: an 8-byte ICMPv6 echo header plus 56 bytes of data). Considering that IPv6 packets may carry payloads as large as 65,535 bytes, this is a very small packet. The Next header field in this packet holds 58, which indicates that the data in the payload belongs to an ICMPv6 transmission. (ICMP is also described later in this chapter.) The IPv6 datagram’s Hop limit is set to 64. That means that if the packet were to keep traveling across a network, it could be forwarded by routers 64 times before it was discarded. Finally, the last two fields in the packet show the IP addresses for the packet’s source and destination, 2001:470:1f10:1a6::2 and 2001:470:1f10:1a6::1, respectively. Both addresses share their first 64 bits, which in the usual IPv6 convention is the network prefix; only the interface identifiers (::2 and ::1) differ.
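The IPv4 header of Figure 4-7 and the IPv6 header of Figure 4-9, as an added example that is not from the textbook: a Python parser that looks at the Version nibble first, as a receiving node does, and then decodes either header. For IPv4 it splits DSCP from ECN, decodes the DF and MF bits, converts the fragment offset from 8-byte units, verifies the header checksum, and models what a router does with the TTL (decrement, recompute the checksum, discard at zero). The sample packets are constructed here from the values printed in the two figures rather than captured bytes; the IPv4 header built this way yields the figure's checksum 0x9ff3. The payload bytes, the 58 in the IPv6 Next header field (the ICMPv6 protocol number), and all function names are this example's own.

```python
import struct
from ipaddress import IPv4Address, IPv6Address

# Values of the IPv4 Protocol / IPv6 Next header field that this example decodes.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 58: "ICMPv6"}


def header_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the IPv4 header words only."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(total_len, ident, df, ttl, proto, src, dst) -> bytes:
    """20-byte IPv4 header (IHL = 5, no options) with the checksum filled in."""
    flags_frag = 0x4000 if df else 0          # DF is bit 14; MF would be 0x2000
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    (vihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum) = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (vihl & 0x0F) * 4                   # header length in bytes: 20 to 60
    if ihl < 20 or ihl > len(pkt):
        raise ValueError("invalid IHL")
    return {"version": vihl >> 4, "header_len": ihl,
            "dscp": tos >> 2, "ecn": tos & 0x3,            # 6-bit DSCP, 2-bit ECN
            "total_len": total_len, "id": ident,
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "frag_offset": (flags_frag & 0x1FFF) * 8,      # field is in 8-byte units
            "ttl": ttl, "protocol": PROTOCOLS.get(proto, proto), "checksum": csum,
            "checksum_ok": header_checksum(pkt[:ihl]) == 0,  # intact header sums to 0
            "src": str(IPv4Address(pkt[12:16])), "dst": str(IPv4Address(pkt[16:20])),
            "options": pkt[20:ihl]}


def build_ipv6_header(payload_len, next_hdr, hop_limit, src, dst,
                      traffic_class=0, flow_label=0) -> bytes:
    """Fixed 40-byte IPv6 header: 4-bit version, 8-bit class, 20-bit flow label."""
    first = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack("!IHBB16s16s", first, payload_len, next_hdr, hop_limit,
                       IPv6Address(src).packed, IPv6Address(dst).packed)


def parse_ipv6(pkt: bytes) -> dict:
    first, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    return {"version": first >> 28, "traffic_class": (first >> 20) & 0xFF,
            "flow_label": first & 0xFFFFF,
            "payload_len": payload_len,       # bytes after the fixed header
            "next_header": PROTOCOLS.get(next_hdr, next_hdr), "hop_limit": hop_limit,
            "src": str(IPv6Address(pkt[8:24])), "dst": str(IPv6Address(pkt[24:40]))}


def parse_ip(pkt: bytes) -> dict:
    """Look at the Version nibble first, as a receiving node does, then dispatch."""
    version = pkt[0] >> 4
    if version == 4:
        return parse_ipv4(pkt)
    if version == 6:
        return parse_ipv6(pkt)
    raise ValueError("unsupported IP version %d" % version)


def forward_ipv4(pkt: bytes):
    """A router's TTL handling: discard when the TTL would reach 0, otherwise
    decrement it and recompute the checksum, which covers the TTL byte."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[8] <= 1:
        return None                           # expired: drop, send ICMP Time Exceeded
    hdr = bytearray(pkt[:ihl])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", header_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]


# Constructed samples from the values in Figures 4-7 and 4-9 (payload bytes are dummies).
IPV4_PKT = build_ipv4_header(44, 0, True, 64, 6, "140.147.249.7", "10.11.11.51") + bytes(24)
IPV6_PKT = build_ipv6_header(64, 58, 64, "2001:470:1f10:1a6::2", "2001:470:1f10:1a6::1") + bytes(64)

if __name__ == "__main__":
    print(parse_ip(IPV4_PKT))
    print(parse_ip(IPV6_PKT))
    print("after one hop, TTL =", parse_ip(forward_ipv4(IPV4_PKT))["ttl"])
```

Note that parse_ipv4 refuses an IHL smaller than 20 bytes or larger than the packet; a decoder that trusts the length fields is the classic way to turn a malformed packet into an out-of-bounds read.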
It’s useful to understand the differences between IPv4 and IPv6 transmissions before learning about other TCP/IP protocols. For example, the protocols described in the next two sections, IGMP and ARP, are used only on IPv4 networks. In IPv6, the functions they provide are handled by ICMPv6 message types instead: Multicast Listener Discovery (MLD) replaces IGMP, and Neighbor Discovery (NDP) replaces ARP. They no longer need to be provided by separate Network layer protocols.
IGMP (Internet Group Management Protocol)
Another core TCP/IP protocol is IGMP (Internet Group Management Protocol). IGMP operates at the Network layer of the OSI model and manages multicasting on networks running IPv4. Multicasting is a transmission method that allows one node to
send data to a defined group of nodes. Whereas most data transmission occurs on
a point-to-point basis, multicasting is a point-to-multipoint method. And
unlike a broadcast transmission, a multicast transmission does not necessarily
issue transmissions to every node on a segment. Multicasting can be used for
teleconferencing or videoconferencing over the Internet, for example. Routers
use IGMP to determine which nodes belong to a certain multicast group and to
transmit data to all nodes in that group. Network nodes use IGMP to join or
leave multicast groups at any time.
ARP (Address Resolution Protocol)
ARP (Address Resolution Protocol) is a protocol used with IPv4, usually placed at the Network layer (or between the Network and Data Link layers), that obtains the MAC (physical) address of a host, or node, and then keeps a table that maps the host’s IP address to its MAC address. If one node needs to know the MAC address of another node on the same network, the first node issues a broadcast message to the network, using ARP, that essentially says, “Will the computer with the IP address 1.2.3.4 please send me its MAC address?” In the context of networking, a broadcast is a transmission that is simultaneously sent to all nodes on a particular network segment. The node that has the IP address 1.2.3.4 then sends a reply directly (unicast) to the requester’s MAC address, which it learned from the request; the reply contains the responder’s own physical address. To make ARP more efficient, computers save recognized IP-to-MAC address mappings in memory in a table known as an ARP table (also called an ARP cache). Entries are not kept permanently: dynamic entries expire after a few minutes unless they are refreshed. After a computer has saved this information, the next time it needs the MAC address for another device, it finds the address in its ARP table and does not need to broadcast another request. Although the precise format of ARP tables may vary from one operating system to another, the essential contents of the table and its purpose remain the same. An ARP table can contain two types of entries: dynamic and static. Dynamic ARP table entries are created when a client makes an ARP request that cannot be satisfied by data already in the ARP table. Static ARP table entries are those that someone has entered manually using the ARP utility. The ARP utility, accessed via the arp command from a Windows command prompt or a UNIX or Linux shell prompt, provides a way of obtaining information from and manipulating a device’s ARP table. For example, you can view a Windows workstation’s ARP table by typing arp -a at the command line and pressing Enter (on Linux, ip neigh show is the modern equivalent). ARP can be a valuable troubleshooting tool for discovering the identity of a machine whose IP address you know, or for identifying the problem of two machines trying to use the same IP address. Because ARP has no authentication, any node on the segment can answer a request, or send unsolicited replies, claiming an IP address that belongs to someone else; this ARP spoofing (or ARP poisoning) lets an attacker redirect a neighbor’s traffic through itself. An unexpected change in the MAC address recorded for an IP address, visible in the ARP table, is the usual symptom of either a duplicate address or such an attack.
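The request and reply exchange and the ARP cache described above, as an added example that is not from the textbook: Python code that builds and parses Ethernet/IPv4 ARP messages, answers a request only when the target IP is our own (and answers it unicast, to the requester's MAC), and keeps an in-memory cache with expiring dynamic entries, static entries that cannot be overridden, and a conflict log for the case where a second MAC address claims an IP address already on record, which is what a duplicate address or an ARP spoofing attempt looks like from the victim's table. The hosts, MAC addresses, and function names are constructed for this example.

```python
import struct
import time
from ipaddress import IPv4Address

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
UNKNOWN_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """28-byte Ethernet/IPv4 ARP message: hardware type 1 (Ethernet), protocol
    type 0x0800 (IPv4), address lengths 6 and 4, opcode, then the four addresses."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
            + mac_to_bytes(sender_mac) + IPv4Address(sender_ip).packed
            + mac_to_bytes(target_mac) + IPv4Address(target_ip).packed)


def parse_arp(msg: bytes) -> dict:
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", msg[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or len(msg) < 28:
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": opcode,
            "sender_mac": bytes_to_mac(msg[8:14]), "sender_ip": str(IPv4Address(msg[14:18])),
            "target_mac": bytes_to_mac(msg[18:24]), "target_ip": str(IPv4Address(msg[24:28]))}


def arp_request(my_mac, my_ip, wanted_ip):
    """Returns (destination MAC, message). The request is broadcast because the
    target's MAC is exactly what we do not know yet."""
    return BROADCAST_MAC, build_arp(ARP_REQUEST, my_mac, my_ip, UNKNOWN_MAC, wanted_ip)


def answer_request(msg, my_mac, my_ip):
    """The owner of the requested IP replies unicast to the requester, whose MAC
    arrived in the request; other nodes stay silent. Returns (dest MAC, reply) or None."""
    req = parse_arp(msg)
    if req["op"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return req["sender_mac"], build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


class ArpCache:
    """In-memory IP -> MAC table. Dynamic entries expire; static ones do not.
    ARP carries no authentication, so a message that changes an existing mapping
    is logged as a conflict (duplicate IP address or ARP spoofing) and never
    overrides a static entry."""

    def __init__(self, ttl_seconds=60.0):
        self.ttl = ttl_seconds
        self.entries = {}      # ip -> [mac, expiry time or None for static]
        self.conflicts = []    # (ip, mac on record, mac claimed)

    def add_static(self, ip, mac):
        self.entries[ip] = [mac, None]

    def learn(self, msg, now=None):
        """Record the sender mapping carried by any ARP message; True if stored."""
        now = time.time() if now is None else now
        info = parse_arp(msg)
        ip, mac = info["sender_ip"], info["sender_mac"]
        current = self.entries.get(ip)
        if current is not None and current[0] != mac:
            self.conflicts.append((ip, current[0], mac))
            if current[1] is None:         # static entry wins
                return False
        self.entries[ip] = [mac, now + self.ttl]
        return True

    def lookup(self, ip, now=None):
        now = time.time() if now is None else now
        entry = self.entries.get(ip)
        if entry is None:
            return None
        if entry[1] is not None and entry[1] <= now:
            del self.entries[ip]           # expired: the next use must re-ARP
            return None
        return entry[0]


if __name__ == "__main__":
    # Constructed hosts: A (10.0.0.5) asks for B (10.0.0.9) on the same segment.
    dst, req = arp_request("02:00:00:00:00:0a", "10.0.0.5", "10.0.0.9")
    print("request to", dst, parse_arp(req))
    to, reply = answer_request(req, "02:00:00:00:00:0b", "10.0.0.9")
    print("reply to", to, parse_arp(reply))
    cache = ArpCache()
    cache.learn(reply)
    print("10.0.0.9 is at", cache.lookup("10.0.0.9"))
```

Real operating systems also accept gratuitous ARP and update on replies they never asked for, which is precisely what spoofing exploits; a static entry for the default gateway, or a switch feature such as dynamic ARP inspection, is the usual defense on networks where this matters.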
ICMP (Internet Control Message Protocol)
Whereas
IP helps direct data to its correct destination, ICMP (Internet Control Message Protocol) is a Network layer core
protocol that reports on the success or failure of data delivery. It
can indicate when part of a network is congested, when data fails to reach its
destination, and when data has been discarded because the allotted time for its
delivery (its TTL) expired. ICMP announces these transmission failures to the
sender, but ICMP cannot correct any of the errors it detects; those functions
are left to higher-layer protocols, such as TCP. However, ICMP’s announcements
provide critical information for troubleshooting network problems.
IPv6 relies on ICMPv6 (Internet Control Message Protocol version 6) to perform the
functions that ICMP, IGMP, and ARP perform in IPv4. In other words, ICMPv6
detects and reports data transmission errors, discovers other nodes on a
network, and manages multicasting.
IPv4 Addressing
You have learned that networks recognize two kinds of addresses: logical (or
Network layer) and physical (or MAC or hardware) addresses. Physical addresses
are assigned to a device’s NIC at the factory by its manufacturer. Logical
addresses can be manually or automatically assigned and must follow rules set
by the protocol standards. In the TCP/IP protocol suite, IP is the protocol responsible for logical addressing. For this reason, addresses on TCP/IP-based networks are often called IP addresses. IP addresses are assigned and used according to very specific parameters.
Each IP address is a unique 32-bit number, divided into four octets, or sets of 8
bits, that are separated by periods. Because 8 bits equals 1 byte, each octet
is a byte, and an IP address is thus composed of 4 bytes. An example of a valid
IP address is 144.92.43.178. An IP address contains two types of information:
network and host. From the first octet, you can determine the network class. In
traditional IP addressing, three types of network classes are used for LANs:
Class A, Class B, and Class C. (In Chapter 9, however, you’ll learn about developments
that allow networks to circumvent such class designations.) Table 4-4
summarizes characteristics of the three commonly used classes of TCP/IP-based
networks.
In addition, Class D and Class E addresses do exist, but are rarely used. Class D
addresses, which begin with an octet whose value is between 224 and 239, are
reserved for multicasting. IETF (Internet Engineering Task Force) reserves
Class E addresses, which begin with an octet whose value is between 240 and
254, for experimental use. You should never assign Class D or Class E addresses
to devices on your network. Certain octets in an IP address are reserved for
special functions. The number 0 is reserved to act as a placeholder when
referring to an entire group of computers on a network—for example, 10.0.0.0
represents all of the devices whose first octet is 10. The number 255, when
used in the host portion of an address, indicates a broadcast transmission.
Sending a message to the address 147.82.255.255, for example, sends a message
to all devices connected to the 147.82.0.0 network.
Table 4-4 - Commonly used TCP/IP classes
Network class | Beginning octet | Number of networks | Maximum addressable hosts per network
A | 1–126 | 126 | 16,777,214
B | 128–191 | > 16,000 | 65,534
C | 192–223 | > 2,000,000 | 254
A portion of each IP address contains clues about the network class. An IP
address whose first octet is in the range of 1–126 belongs to a Class A
network. All IP addresses for devices on a Class A segment share the same first
octet, or bits 0 through 7. For example, nodes with the following IP addresses
may belong to the same Class A network: 23.78.110.109, 23.164.32.97,
23.48.112.43, and 23.108.37.22. In this example, 23 is the network ID. The
second through fourth octets (bits 8 through 31) in a Class A address identify
the host. An IP whose first octet is in the range of 128–191 belongs to a Class
B network. All IP addresses for devices on a Class B segment share the first
two octets, or bits 0 through 15.
For example, nodes with the following IP addresses may belong to the same Class B
network: 168.34.88.29, 168.34.55.41, 168.34.73.49, and 168.34.205.113. In this
example, 168.34 is the network ID. The third and fourth octets (bits 16 through
31) on a Class B network identify the host. An IP address whose first octet is
in the range of 192–223 belongs to a Class C network. All IP addresses for
devices on a Class C segment share the first three octets, or bits 0 through
23. For example, nodes with the following addresses may belong to the same Class C network: 204.139.118.7, 204.139.118.54, 204.139.118.14, and 204.139.118.31. In this example, 204.139.118 is the network ID. The fourth octet (bits 24 through
31) on a Class C network identifies the host. Internet founders intended the
use of network classes to provide easy organization and sufficient quantity of
IP addresses on the Internet. However, their goals haven’t necessarily been
met. Class A addresses were distributed liberally to large companies and
government organizations who were early users of the Internet, such as IBM.
Some organizations reserved many more addresses than they had devices. Class B addresses were distributed to midsized organizations and Class C addresses to smaller organizations, such as colleges. Today, many Internet addresses go unused, but cannot be reassigned because an organization has reserved them.
Although potentially more than 4.3 billion Internet addresses are available,
the demand for such addresses grows exponentially every year. To respond to
this demand, a new addressing scheme was developed that can supply the world
with enough addresses to last well into this century. IP version 6 (IPv6)
incorporates this new addressing scheme. You will learn more about IPv6
addressing later in this chapter.
In addition, some IP addresses are reserved for special functions, like
broadcasts, and cannot be assigned to machines or devices. Notice that 127 is
not a valid first octet for any IP address. The range of addresses beginning
with 127 is reserved for a device communicating with itself, or performing
loopback communication. Thus, the IP address 127.0.0.1 is called loopback
address. Attempting to contact this IP number—in other words, attempting to
contact your own machine—is known as a loopback test. (In fact, when you transmit
to any IP address beginning with the 127 octet, you are communicating with your
own machine.) A loopback test can prove useful when troubleshooting problems
with a workstation’s TCP/IP communications. If you receive a positive response
from a loopback test, you know that the TCP/IP core protocols are installed and
in use on your workstation.
The command used to view IP information on a Windows workstation is ipconfig.
To view your current IP information on a Windows workstation:
1. Click the Start button, select All Programs, select Accessories, and then select Command Prompt. The Command Prompt window opens.
2. At the command prompt, type ipconfig /all and press Enter. Your workstation’s IP address information is displayed.
3. Type exit and press Enter to close the Command Prompt window.
To view and edit IP information on a computer running a version of the UNIX or
Linux operating system, use the ifconfig command. (Note that ipconfig and
ifconfig differ by only one letter.) Simply type ifconfig -a at the shell prompt to view all the information about
your TCP/IP connections and addresses.
Now that you have learned the most important characteristics of IP addresses, you
are ready to learn more about how computers interpret these addresses.
Binary and Dotted Decimal Notation
So far, all of the IP addresses in this section have been represented in dotted
decimal notation. Dotted decimal notation, the most common way of expressing IP
addresses, refers to the “shorthand” convention used to represent IP addresses
and make them easy for people to read. In dotted decimal notation, a decimal
number between 0 and 255 represents each binary octet, for a total of 256
possibilities. A period, or dot,
separates each decimal. An example of a dotted decimal IP address is
131.65.10.18. Each number in a dotted decimal address has a binary equivalent.
In Chapter 3, you learned how to convert decimal numbers to their binary
equivalents. Converting a dotted decimal address to its binary equivalent is
simply a matter of converting each octet and removing the decimal points. For
example, in the dotted decimal address 131.65.10.36, the binary equivalent of
the first octet, 131, is 10000011; the binary equivalent of the second octet,
65, is 01000001; the binary equivalent of the third octet, 10, is 00001010; and
the binary equivalent of the fourth octet, 36, is 00100100. Therefore, the
binary value for 131.65.10.36 is 10000011 01000001 00001010 00100100.
Subnet Mask
In addition to an IP address, every device on a network running IPv4 is assigned a
subnet mask. A subnet mask is a special 32-bit number that, when combined with
a device’s IP address, informs the rest of the network about the segment or
network to which the device is attached. That is, it identifies the device’s
subnet. Like IP addresses, subnet masks are composed of four octets (32 bits)
and can be expressed in either binary or dotted decimal notation. Subnet masks
are assigned in the same way that IP addresses are assigned—either manually,
within a device’s TCP/IP configuration, or automatically, through a service
such as DHCP (described in detail later in this chapter). A more common term
for subnet mask is net mask, and sometimes simply mask, as in “a device’s mask.”
You might wonder why a network node even needs a subnet mask, given that the first octet
of its IP address indicates its network class. The answer lies with subnetting; a process of subdividing a
single class of networks into multiple, smaller logical networks, or segments.
Network managers create subnets to manage and separate network traffic and to
make the best use of a limited number of IP addresses. Methods of subnetting
are discussed in detail in Chapter 9. For now, it is enough to know that
regardless of whether a network is subnetted, its devices are assigned a subnet
mask.
On networks that use subnetting, the subnet mask varies depending on the way the network is subnetted. On networks that do not use subnetting, however, the subnet masks take on a default value, as shown in Table 4-5. To qualify for Network+ certification, you should be familiar with the default subnet masks associated with each network class.
Table 4-5 Default subnet masks
Network class | Beginning octet | Default subnet mask
A | 1–126 | 255.0.0.0
B | 128–191 | 255.255.0.0
C | 192–223 | 255.255.255.0
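The rules from the preceding sections, dotted decimal to binary conversion, the class and network ID implied by the first octet, the default masks of Table 4-5, the reserved host values 0 and 255, and the 127 loopback range, implemented together as an added example that is not from the textbook. Every address used in it is either one of the chapter's own or constructed.

```python
# Added example (not from the textbook): classful analysis of IPv4 addresses
# written in dotted decimal notation, following Tables 4-4 and 4-5.


def parse_dotted_decimal(address):
    """Return the four octets of a dotted decimal address as integers."""
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError(f"{address!r} does not have four octets")
    octets = []
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"octet {part!r} is not a decimal number from 0 to 255")
        octets.append(int(part))
    return octets


def to_binary(address):
    """131.65.10.36 -> '10000011 01000001 00001010 00100100' (one 8-bit group per octet)."""
    return " ".join(f"{octet:08b}" for octet in parse_dotted_decimal(address))


# Default masks per network class (Table 4-5); the network ID is the run of
# octets covered by the 255s in the mask.
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def network_class(address):
    """Classify by the first octet as Table 4-4 does; 0 and 127 are reserved."""
    first = parse_dotted_decimal(address)[0]
    if first == 0:
        return "reserved"
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"  # multicast; never assign to a device
    return "E"      # experimental; never assign to a device


def describe(address):
    """Split a classful address into network and host parts and flag the
    special host values 0 (network placeholder) and 255 (broadcast)."""
    octets = parse_dotted_decimal(address)
    cls = network_class(address)
    info = {"address": address, "binary": to_binary(address), "class": cls}
    if cls not in DEFAULT_MASKS:
        info["usable_for_hosts"] = False
        return info
    mask = parse_dotted_decimal(DEFAULT_MASKS[cls])
    net_len = mask.count(255)
    network, host = octets[:net_len], octets[net_len:]
    info["default_mask"] = DEFAULT_MASKS[cls]
    info["network_id"] = ".".join(map(str, network))
    info["host_id"] = ".".join(map(str, host))
    info["is_network_placeholder"] = all(h == 0 for h in host)
    info["is_broadcast"] = all(h == 255 for h in host)
    info["usable_for_hosts"] = not (info["is_network_placeholder"] or info["is_broadcast"])
    return info


def same_classful_network(a, b):
    """True when two addresses share the network ID implied by their class."""
    da, db = describe(a), describe(b)
    return ("network_id" in da and da["class"] == db["class"]
            and da["network_id"] == db.get("network_id"))
```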
IPv6 Addressing
Up to this point, you have learned about IP addressing according to the IPv4
scheme. This section introduces you to addressing in IPv6 and explains the
differences between addressing in IPv4 and addressing in IPv6. For Network+
certification, you will need to understand both addressing schemes. The most
notable difference between IP addresses in IPv4 and IPv6 is their size. Whereas
IPv4 addresses are composed of 32
bits, IPv6 addresses are composed of eight 16-bit fields, for a total of 128
bits. The added fields and the larger address size result in an increase of 2^96 (or 4 billion times 4 billion times 4 billion) available IP addresses in the IPv6 addressing scheme. The addition of more IP addresses not
only allows every interface on every Internet connected device to have a unique
number, but also eliminates the need for IP address conservation. With the
increasing number of network-enabled devices, including handheld computers, telephones,
home security systems, traffic cameras, and even pet-tracking systems, the
limited quantity of IPv4 addresses posed a serious bottleneck.
A second difference between IPv4 and IPv6 addresses is the way they are
represented. Whereas each octet in an IPv4 address contains decimal numbers
separated by a period (for example, 123.45.67.89), each field in an IPv6
address is typically represented in hexadecimal numbers separated by a colon.
(Keep in mind that the computer still reads the binary version of this address,
and if you wanted, you could also write an IPv6 address in binary format.) An example
of a valid IPv6 address is FE22:00FF:002D:0000:0000:0000:3012:CCE3. Because
many IPv6 addresses will contain multiple fields that have values of 0, two
methods of shorthand for representing these fields have been established. One
method eliminates all leading zeros—that is, zeros that precede another
hexadecimal digit—within a field. For example, the field 00FF could also be
written FF and the field 0000 could be written 0. Thus, FE22:00FF:002D:0000:0000:0000:3012:CCE3
can be written as FE22:FF:2D:0:0:0:3012:CCE3. A second type of shorthand
substitutes :: for any number of multiple, zero-value fields. Thus,
FE22:00FF:002D:0000:0000:0000:3012:CCE3 can also be written as
FE22:FF:2D::3012:CCE3. The substitution of multiple zero-value fields can only
be performed once within an address; otherwise, you cannot tell how many fields
the :: symbol represents. For example, the IPv6 address 2001:0:0:34D0:0:0:9F77:2854
could not be abbreviated 2001::34D0::9F77:2854. It could instead be abbreviated
2001::34D0:0:0:9F77:2854 or 2001:0:0:34D0::9F77:2854. An important address to
memorize is the IPv6 loopback address. Recall that in IPv4 the loopback address
has a value of 127.0.0.1. In IPv6, however, the loopback address has a value of
0:0:0:0:0:0:0:1. Abbreviated, the IPv6 loopback address becomes ::1.
A third difference between the two types of IP addresses is that in IPv6,
addresses can reflect the scope of a transmission’s recipients—for example, a
single node, a group, or a special kind of group. One type of IPv6 address is a unicast address, or an address that
represents a single interface on a device. A unicast address is the
type of address that would be assigned, for example, to a workstation’s network
adapter. If you wanted to save a file from your laptop onto your company’s server using IPv6, that transmission would call for a unicast address. Also, the loopback address is a unicast address. A multicast address represents multiple interfaces (often on multiple devices). Multicast addresses are useful for
transmitting the same data to many different devices simultaneously, as in
point-to-multipoint communications.
IPv6 allows for the specification of several types of multicast groups. For example,
the global multicast group, which directs data to all reachable nodes, is akin
to the broadcast transmission in IPv4. The link-local multicast group includes computers
that share the same link as the transmitting node. An anycast address
represents any one interface from a group of interfaces, any one of which can
accept a transmission. Anycast addresses could be useful for identifying all of
the routers that belong to one ISP, for example. In this instance, an Internet
transmission destined for one of that ISP’s servers could be accepted by the
first available router in the anycast group. The result is that the
transmission finishes faster than if it had to wait for one specific router
interface to become available. At this time, anycast addresses are not designed
to be assigned to hosts, such as servers or workstations.
A fourth significant difference between IPv4 and IPv6
addressing is that in IPv6, each address contains a Format Prefix, or a
variable-length field at the beginning of the address that indicates what type
of address it is—unicast, multicast, or anycast. A link-local unicast address begins
with the hexadecimal string FE80. A site-local unicast address begins with
FEC0. A multicast address begins with the following hexadecimal string: FF0x,
where x is a character that corresponds to a group scope ID. For example, the
Format Prefix for a link-local multicast address is FF02, while the Format
Prefix for a global multicast address is FF0E. Virtually all modern network
devices and operating systems can transmit and receive data using both IPv4 and
IPv6. Using both on one network is known as a dual-stack approach. Dual-stack
networks are common because even as organizations upgrade to IPv6, their
customers, partners, and suppliers with interconnected networks might lag
behind and require IPv4 support. Several methods exist to accommodate IPv6
traffic on IPv4 networks. Although a thorough explanation of each method is
beyond the scope of this book, Chapter 9 will describe IPv6 and IPv4 networking
in greater detail.
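The two IPv6 shorthands (dropping leading zeros and replacing one run of zero fields with ::) and the Format Prefix rules from the fourth-difference paragraph, implemented as an added example that is not from the textbook. The only scope digits it names are the two the chapter gives (2 for link-local, E for global); the FE80 and FEC0 tests follow the chapter's "begins with" rule.

```python
# Added example (not from the textbook): expanding and abbreviating IPv6
# addresses by the chapter's rules, and classifying them by Format Prefix.
import re

HEX_FIELD = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def expand(address):
    """Return the eight 4-digit hex fields of an IPv6 address, undoing both
    shorthands. Rejects a second '::', since then the field count is ambiguous."""
    if address.count("::") > 1:
        raise ValueError(f"{address!r}: '::' may appear only once")
    if "::" in address:
        head, tail = address.split("::")
        head_fields = head.split(":") if head else []
        tail_fields = tail.split(":") if tail else []
        missing = 8 - len(head_fields) - len(tail_fields)
        if missing < 1:
            raise ValueError(f"{address!r}: '::' must stand for at least one field")
        fields = head_fields + ["0"] * missing + tail_fields
    else:
        fields = address.split(":")
    if len(fields) != 8:
        raise ValueError(f"{address!r}: expected 8 fields, got {len(fields)}")
    for field in fields:
        if not HEX_FIELD.match(field):
            raise ValueError(f"{address!r}: bad field {field!r}")
    return [field.upper().zfill(4) for field in fields]


def compress(address):
    """Apply both shorthands: strip leading zeros in every field, then replace
    the longest run of two or more zero fields with '::' (first run on a tie,
    which reproduces the chapter's 2001::34D0:0:0:9F77:2854)."""
    fields = [f.lstrip("0") or "0" for f in expand(address)]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] == "0":
            j = i
            while j < 8 and fields[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:
        return ":".join(fields)
    head = ":".join(fields[:best_start])
    tail = ":".join(fields[best_start + best_len:])
    return f"{head}::{tail}"


def address_type(address):
    """Classify by the Format Prefix as the chapter describes. (The chapter's
    'begins with FE80' rule is used; the full link-local prefix FE80::/10 is wider.)"""
    fields = expand(address)
    first = fields[0]
    if first == "FE80":
        return "link-local unicast"
    if first == "FEC0":
        return "site-local unicast"
    if first.startswith("FF0"):
        scope = {"2": "link-local", "E": "global"}.get(first[3], f"scope {first[3]}")
        return f"multicast ({scope})"
    if fields == ["0000"] * 7 + ["0001"]:
        return "loopback unicast"  # 0:0:0:0:0:0:0:1, abbreviated ::1
    return "unicast"
```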
Assigning IP Addresses
You have learned that several government-sponsored organizations—including IANA,
ICANN, and RIRs—cooperate to dole out IP addresses to ISPs and other network
providers around the world. You also learned that most companies and
individuals obtain IP addresses from their ISPs and not directly from the
government’s higher authorities. This section describes how an organization assigns
its group of IP addresses to networked devices so that they can communicate
over the Internet.
Whether connecting to the Internet or to another computer within a LAN, every node on a
TCP/IP network must have a unique IP address. Suppose client B joins a network
and takes an IP address that is already in use by client A, which is on the
same subnet. In that case, client B will receive an error message and its TCP/IP services will be disabled. Client A may also receive an error message, but can continue to function normally. You can modify a client’s TCP/IP
properties to assign it an IP address manually. A manually assigned IP address
is called a static IP address because it does not change automatically. It changes
only when you reconfigure the client’s TCP/IP properties. Unfortunately, due to
human error, static IP addressing can easily result in the duplication of
address assignments. So rather than assigning IP addresses manually, most
network administrators rely on a network service to automatically assign them.
An IP address that is assigned to a device upon request and is changeable is known
as a dynamic IP address. The most
common method for automatically assigning IPv4 addresses is using the Dynamic
Host Configuration Protocol (DHCP).
DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol) is an automated means of assigning a unique
IP address to devices on a network. In DHCP, a DHCP server manages IP address
assignment. The server maintains information about which addresses are
allowable, which are available, and which have already been associated with a
host. DHCP belongs to the Application
layer of the TCP/IP and OSI models.
Reasons for implementing DHCP include the following:
· To reduce the time and planning spent on IP address management—Central management of IP addresses eliminates the need for network administrators to edit the TCP/IP configuration on every network workstation, printer, or other device.
· To reduce the potential for errors in assigning IP addresses—With DHCP, almost no possibility exists that a workstation will be assigned an invalid address or that two workstations will attempt to use the same IP address. (Occasionally, the DHCP server software may make a mistake.)
· To enable users to move their workstations and printers without having to change their TCP/IP configuration—As long as a workstation is configured to obtain its IP address from a DHCP server and that server is available, the workstation can be attached anywhere on the network and receive a valid address.
· To make IP addressing transparent for mobile users—A person visiting your office, for example, could attach to your network and receive an IP address without having to change his laptop’s configuration.
DHCP Leasing Process
With DHCP, a device borrows, or leases, an IP address
while it is attached to the network. In other words, it uses the IP address on a
temporary basis for a specified length of time. On most networks, a client
obtains its DHCP-assigned address as soon as it logs on to a network. The
length of time a lease remains in effect depends on DHCP server and client
configurations. Leases that expire must be renegotiated for the client to
remain on the network. Alternatively, users can force a lease termination at the
client, or a network administrator can force lease terminations at the server. Configuring
the DHCP service involves identifying a DHCP scope, or a range of addresses that
can be leased to any network device on a particular segment, plus a list of
excluded addresses, if any exist. As a network administrator, you configure the
duration of the lease to be as short or as long as necessary, from a matter of
minutes to forever. After the DHCP server is running, the client and server
take the following steps to negotiate the client’s first lease. (Note that the
following example applies to a workstation, but devices such as networked printers
may also take advantage of DHCP.)
1. When the client workstation is powered on and its
NIC detects a network connection, it sends out a DHCP discover packet in
broadcast fashion via the UDP protocol to the DHCP server.
2. Every DHCP server on the same subnet as the
client receives the broadcast request. Each DHCP server responds, in broadcast
fashion, to offer an available IP address, while simultaneously withholding
that address from other clients. The response message includes the available IP
address, subnet mask, IP address of the DHCP server, and lease duration.
(Because the client doesn’t have an IP address, the DHCP server cannot send the
information directly to the client.)
3. The client accepts the first IP address that it
receives, responding with a broadcast message that essentially confirms to the
DHCP server that it wants to accept the address. Because this message is
broadcast, all other DHCP servers that might have responded to the client’s
original query see this confirmation and return the IP addresses they had reserved
for the client to their pool of available addresses.
4. When the selected DHCP server receives the
confirmation, it replies to the client with an acknowledgment message. It also
provides more information, such as DNS, subnet mask, or gateway addresses that
the client might have requested.
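The four steps above, run as an added simulation that is not the textbook's code: two constructed servers on one subnet, each with its own constructed scope, excluded addresses, lease duration and options, answer a client's broadcast; the server that is not chosen returns the address it withheld to its pool, and a client that no server can serve gets no lease. The message names DISCOVER, OFFER, REQUEST and ACK are the standard DHCP message types.

```python
# Added example (not from the textbook): the DHCP lease negotiation of steps
# 1-4 with two servers on the same subnet. All addresses are constructed.
from dataclasses import dataclass, field


@dataclass
class Message:
    kind: str            # DISCOVER, OFFER, REQUEST or ACK
    broadcast: bool      # every message here is broadcast, as in the text
    client_mac: str
    server_ip: str = ""  # which server sent (or is being asked for) the lease
    ip: str = ""
    options: dict = field(default_factory=dict)


class DhcpServer:
    def __init__(self, server_ip, scope, excluded, lease_seconds, options):
        self.server_ip = server_ip
        self.free = [a for a in scope if a not in excluded]  # scope minus exclusions
        self.reserved = {}  # client_mac -> address withheld while an offer is open
        self.leased = {}    # client_mac -> (address, lease_seconds)
        self.lease_seconds = lease_seconds
        self.options = options  # extra settings such as DNS and gateway

    def handle(self, msg):
        if msg.kind == "DISCOVER":              # step 2: offer and withhold
            if not self.free:
                return None                     # scope exhausted: stay silent
            ip = self.free.pop(0)
            self.reserved[msg.client_mac] = ip
            return Message("OFFER", True, msg.client_mac, self.server_ip, ip,
                           {"subnet_mask": "255.255.255.0",
                            "lease_seconds": self.lease_seconds})
        if msg.kind == "REQUEST":               # step 3 seen by every server
            ip = self.reserved.pop(msg.client_mac, None)
            if msg.server_ip != self.server_ip:
                if ip is not None:
                    self.free.append(ip)        # not chosen: return the address
                return None
            self.leased[msg.client_mac] = (ip, self.lease_seconds)
            return Message("ACK", True, msg.client_mac, self.server_ip, ip,  # step 4
                           {"subnet_mask": "255.255.255.0",
                            "lease_seconds": self.lease_seconds, **self.options})
        return None


def negotiate_lease(client_mac, servers):
    """Run DISCOVER / OFFER / REQUEST / ACK for one client; return the ACK or None."""
    discover = Message("DISCOVER", True, client_mac)                   # step 1
    offers = [o for o in (s.handle(discover) for s in servers) if o]  # step 2
    if not offers:
        return None
    chosen = offers[0]                                                  # step 3: first offer wins
    request = Message("REQUEST", True, client_mac, chosen.server_ip, chosen.ip)
    acks = [a for a in (s.handle(request) for s in servers) if a]     # step 4
    return acks[0] if acks else None
```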
The preceding steps involve the exchange of only four packets and, therefore, do
not usually increase the time it takes for a client to log on to the network.
The client and server do not have to repeat this exchange until the lease is
terminated. The IP address remains in the client’s TCP/IP settings so that even
after the client shuts down and reboots, it can use this information and not
have to request a new address. However, if the device is moved to another
network, it will be assigned different IP address information suited to that
network.
Terminating a DHCP Lease
A DHCP lease may expire based on the period established for it in the server
configuration, or it may be manually terminated at any time from either the client’s
TCP/IP configuration or the server’s DHCP configuration. In some instances, a
user must terminate a lease. For example, if a DHCP server fails and another is
installed to replace it, the clients that relied on the first DHCP server need
to release their old leases (and obtain new leases from the new server).
To release TCP/IP settings on a client running a Windows operating system:
1. Click the Start button, click All Programs, click Accessories, and then click Command Prompt. The Command Prompt window opens.
2. At the command prompt, type ipconfig /release and then press Enter. Your TCP/IP configuration values are cleared, and both the IP address and subnet mask revert to 0.0.0.0.
3. Type exit and press Enter to close the Command Prompt window.
Releasing old DHCP information is the first step in the process of obtaining a new IP address. To obtain a new IP address on a Windows workstation:
1. If you are not already at a command prompt, click the Start button, click All Programs, click Accessories, and then click Command Prompt. The Command Prompt window opens.
2. At the command prompt, type ipconfig /renew and then press Enter. Your client follows the DHCP leasing process, which reestablishes its TCP/IP configuration values. These values will be appropriate for the network to which you are attached.
3. Type exit and press Enter to close the Command Prompt window.
Occasionally your client’s attempt to renew or obtain a new DHCP-assigned address will fail.
For example, you might receive a message indicating that the DHCP server is
unreachable. This error could result from one of many problems: Your client
might be disconnected from the network, whether because a cable is unplugged or
faulty or because its protocols are not installed or configured properly; your
client or server’s DHCP services could be improperly configured; or the DHCP
server might be down.
The type of DHCP used on IPv4 networks can also be
called DHCPv4. The type used with IPv6 is known as DHCPv6, and it operates in
the same way as the version used for IPv4, described previously. However,
because IPv6 comes with automatic addressing capabilities, DHCP addressing
services are optional on IPv6 networks.
DHCP services run on several types of devices. The installation and configurations
for each type of server vary; for specifics, refer to the DHCP server software or
NOS manual. To qualify for Network+ certification, you need not know the
intricacies of installing and configuring DHCP server software. You do,
however, need to know what DHCP does and how it accomplishes it. You also need
to understand the advantages of using dynamic IP addresses rather than static
addresses.
Private and Link-Local Addresses
You have already learned about some addresses, such as the loopback address and
broadcast addresses, which are reserved for special uses. In addition to these,
Internet authorities have designated IP address ranges that can be used for
private addresses. Private addresses allow hosts in an organization to
communicate across its internal network. Private addresses cannot be routed on
a public network, such as the Internet. Private addresses differ from public addresses
in that the latter are assigned to an organization by Internet authorities and
can be used to identify hosts on the Internet.
The following IPv4 address
ranges are reserved for private addresses:
10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255
With private addressing, Company A can assign its workstations the IP addresses
10.5.5.2 through 10.5.5.22; meanwhile, across town, Company B might assign its
workstations IP addresses 10.5.5.5 through 10.5.5.15. Although the companies
are using some of the same IP addresses internally, because these addresses are
not used beyond the companies’ networks, no conflicts will occur as a result.
When the workstations at either company need to communicate over the Internet, each is assigned a different, Internet-routable IP address. You will learn more about why and how this is accomplished in Chapter 9.
Using private addresses can extend the number of available IPv4 addresses on an
organization’s network. Private addresses also allow computers on an
organization’s network to communicate if a DHCP server is unavailable to assign
routable addresses. Operating systems come equipped with a way to automatically
assign each node a provisional IP address if this occurs. This provisional address,
capable of transmitting and receiving data only on a local network segment, is known
as the link-local address. A link-local address is a special kind of private address. With a link-local
address, a computer can communicate across a LAN segment or communicate
directly with another computer when the two are connected with a cable, for
example. However, link-local
addresses are not routable and do not allow nodes to communicate beyond their
segments. In other words, clients with link-local addresses separated by a
router could not exchange data. Were they connected to the same switch, they
could. Even though their use is restricted, link-local addresses must still
follow standards to avoid network transmission trouble. IANA (Internet Assigned
Numbers Authority) has designated ranges of IP addresses for use as link-local
addresses. For IPv4, the range is 169.254.0.0 through 169.254.254.255.
Link-local addresses in IPv6 always begin with FE80.
Zeroconf (Zero Configuration) is the collection of protocols that assigns link-local
addresses, performs DNS functions (described later in this chapter), and
discovers services, such as print services, available to the node. Because
Zeroconf is part of a computer’s operating software, the assignment happens
without the need to register or check with a central authority. In the case of
a network whose DHCP is temporarily unavailable, when the DHCP server is
available once again, Zeroconf services release its assigned IP address and
allow the client to receive a DHCP-assigned address. With Zeroconf, IPv4
addresses are assigned through IPv4LL (IP version 4 Link Local), a protocol
that manages automatic address assignment among locally connected nodes. In
IPv4LL, when computer A joins the network, it randomly chooses an IP address in
the range from 169.254.1.0 to 169.254.254.255. Before using its chosen address
to communicate, computer A sends a message, via the ARP protocol, to the rest
of its subnet indicating its desire to use that IP address. But suppose
computer B is already using the address. In that case, computer B will respond
to computer A’s message with a broadcast that alerts every other node on the subnet
that the IP address is already in use. Computer A will then randomly select a
different IP address. However, if, after a brief period of time, no other node
responds to the first node’s announcement, computer A will issue a broadcast
message that informs the rest of the subnet that it has assigned itself the
address it chose initially.
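The IPv4LL claim procedure just described (random choice from 169.254.1.0 to 169.254.254.255, an ARP announcement of intent, a conflict broadcast from a node already using the address, a fresh random choice, and a final announcement), as an added example that is not from the textbook. The Subnet class is a constructed stand-in: its set of in-use addresses plays the role of the nodes that would answer the ARP message, and its log records the traffic.

```python
# Added example (not from the textbook): IPv4LL self-assignment with
# conflict detection, against a constructed subnet.
import random


def random_link_local(rng):
    """One candidate from the IPv4LL range the chapter gives: 169.254.1.0 - 169.254.254.255."""
    return f"169.254.{rng.randint(1, 254)}.{rng.randint(0, 255)}"


def is_ipv4_link_local(ip):
    """True for the link-local range 169.254.0.0 - 169.254.254.255 given in the text."""
    octets = [int(x) for x in ip.split(".")]
    return octets[:2] == [169, 254] and 0 <= octets[2] <= 254


class Subnet:
    """Constructed stand-in for the other nodes on the segment."""

    def __init__(self, in_use):
        self.in_use = set(in_use)  # addresses other nodes already use
        self.log = []              # record of the ARP messages exchanged

    def probe(self, sender, ip):
        """Sender announces its wish to use ip; True if another node defends it."""
        self.log.append(("probe", sender, ip))
        if ip in self.in_use:
            # the owner broadcasts so every node learns the address is taken
            self.log.append(("conflict-broadcast", "other-node", ip))
            return True
        return False

    def announce(self, sender, ip):
        """Sender tells the subnet it has taken ip."""
        self.log.append(("announce", sender, ip))
        self.in_use.add(ip)


def self_assign(subnet, node, rng, max_attempts=10):
    """Return the link-local address the node claims, or None if every attempt conflicted."""
    for _ in range(max_attempts):
        candidate = random_link_local(rng)
        if not subnet.probe(node, candidate):
            subnet.announce(node, candidate)  # nobody objected: claim it
            return candidate
        # someone answered: pick a different random address and try again
    return None
```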
Zeroconf is especially useful with network printers. Some printers don’t come with
interfaces that enable a network administrator to easily configure TCP/IP
variables. If they support Zeroconf, printers can connect to the network and be
ready to communicate with no human intervention. Virtually all modern printers
come with Zeroconf support. Zeroconf is also part of modern client and network
operating systems. The version of Zeroconf services used by most Linux operating
systems is known as Avahi. Apple’s version of Zeroconf is called Bonjour. The
service that provides link-local addressing on Windows clients is known as
APIPA (Automatic Private IP Addressing).
To check whether a computer running a Windows operating system is using APIPA:
1. Click the Start button, click All Programs, click Accessories, and then select Command Prompt. The Command Prompt window opens.
2. At the command prompt, type ipconfig /all and then press Enter. If the Autoconfiguration Enabled option is set to Yes, your computer is using APIPA.
Even if your network does not need or use APIPA, leaving it enabled is not
necessarily problematic because APIPA is designed to first check for the
presence of a DHCP server and allow the DHCP server to assign addresses. In
addition, if a computer’s IP address has been assigned statically, APIPA does
not reassign a new address. It only works with clients configured to use DHCP.
APIPA can be disabled, however, by editing the Windows operating system’s Registry.
Sockets and Ports
Just as a device requires a unique address to send and receive information over the network, a process also requires a unique address. Every process on a machine is assigned a port number. If you compare IP addressing with the
addressing system used by the postal service, and you equate a host’s IP
address to the address of a building, a port number is similar to an apartment
number within that building.
A process’s port number plus its host machine’s IP address equals the process’s
socket. For example, the standard port
number for the Telnet service is 23. On a host whose IPv4 address is 10.43.3.87, the socket address for
Telnet is 10.43.3.87:23. In other words, the host assumes that any
requests coming into port number 23 are Telnet requests (that is, unless you
reconfigure the host to change the default Telnet port). Notice that a port
number is expressed as a number following a colon after an IP address. In this
example, 23 is not considered an additional octet, but simply a pointer to a
port. Sockets form virtual connections between a process on one computer and
the same process running on another computer.
Because port numbers are used by Transport layer
protocols, they apply whether your network uses IPv4 or IPv6.
The
use of port numbers simplifies TCP/IP communications and ensures that data are
transmitted to the correct application. When a client requests communications
with a server and specifies port 23, for example, the server knows immediately
that the client wants a Telnet session. No extra data exchange is necessary to
define the session type, and the server can initiate the Telnet service without
delay. The server will connect to the client’s Telnet port—by default, port
23—and establish a virtual circuit. Port numbers range from 0 to 65535 and are
divided by IANA into three types: Well Known Ports, Registered Ports, and
Dynamic and/or Private Ports. Well Known Ports are in the range from 0 to 1023
and are assigned to processes that only the operating system or an administrator
of the system can access. These were the first ports assigned to processes, and
so the earliest TCP/IP protocols, such as TCP, UDP, Telnet, and FTP, use Well
Known Ports. Table 4-6 lists some of these Well Known Ports.
Registered Ports are in the range from 1024 to 49151. These ports are accessible to
network users and processes that do not have special administrative privileges.
Default assignments of these ports (for example, by a software program) must be
registered with IANA. Dynamic Ports and/or Private Ports are those ranging from
49152 to 65535 and are open for use without restriction.
Although you do not need to memorize every port
number for the Network+ certification exam, you may be asked about the port numbers
associated with common services, such as Telnet, FTP, and HTTP. Knowing them
will also help you in configuring and troubleshooting networks using TCP/IP.
Port
numbers are assigned either by the operating system or by software programs
that rely on them. Servers maintain an editable, text-based file of port
numbers and their associated services. If you have administrative
privileges—that is, if you know the logon id and password that allows you to
modify any aspect of a system—you can change which port number a service uses. For
example, you could change the default port number for Telnet on your server
from 23 to 2330. Changing a default port number is rarely a good idea, however,
because it violates the standard and means that processes programmed to use a
standard port will not be able to communicate with your machine. Nevertheless,
some network administrators who are preoccupied with security may change their
servers’ port numbers in an attempt to confuse people with malicious intent who
try connecting to their devices through conventional sockets.
Table 4-6: Commonly used TCP/IP port numbers
Port number | Process name | Protocol used | Description
20 | FTP-DATA | TCP | File transfer—data
21 | FTP | TCP | File transfer—control
22 | SSH | TCP | Secure Shell
23 | TELNET | TCP | Telnet
25 | SMTP | TCP | Simple Mail Transfer Protocol
53 | DNS | TCP and UDP | Domain Name System
67 (client to server) and 68 (server to client) | DHCPv4 | UDP | Dynamic Host Configuration Protocol version 4
69 | TFTP | UDP | Trivial File Transfer Protocol
80 | HTTP | TCP and UDP | Hypertext Transfer Protocol
110 | POP3 | TCP | Post Office Protocol 3
123 | NTP | TCP | Network Time Protocol
143 | IMAP | TCP | Internet Message Access Protocol
443 | HTTPS | TCP | Secure implementation of HTTP
546 (client to server) and 547 (server to client) | DHCPv6 | UDP | Dynamic Host Configuration Protocol version 6
3389 | RDP | TCP | Remote Desktop Protocol
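As an added example that is not from the book, the following Python parses socket addresses written in the IP:port notation described above and classifies the port into the three IANA ranges. The 10.43.3.87:23 socket and the 2330 port are the chapter's values; the bracketed [IPv6]:port form is standard practice rather than something this section shows, and is assumed here so an IPv6 address's own colons cannot be mistaken for the port separator.

```python
from __future__ import annotations

import ipaddress

# The three IANA port ranges described in the chapter.
WELL_KNOWN = range(0, 1024)
REGISTERED = range(1024, 49152)
DYNAMIC = range(49152, 65536)


def port_category(port: int) -> str:
    """Classify a port number into the IANA range it belongs to."""
    if port in WELL_KNOWN:
        return "well-known"
    if port in REGISTERED:
        return "registered"
    if port in DYNAMIC:
        return "dynamic/private"
    raise ValueError(f"port {port} is outside 0-65535")


def parse_socket(text: str) -> tuple[str, int]:
    """Split a socket address into (ip, port).

    IPv4 sockets look like 10.43.3.87:23. An IPv6 address contains colons
    itself, so the conventional notation wraps it in brackets, e.g. [::1]:23;
    without the brackets the port could not be told apart from the address,
    so that form is rejected rather than guessed at.
    """
    text = text.strip()
    if text.startswith("["):
        host, sep, port_str = text[1:].partition("]:")
        if not sep:
            raise ValueError(f"malformed IPv6 socket: {text!r}")
    else:
        host, sep, port_str = text.rpartition(":")
        if not sep or ":" in host:
            raise ValueError(f"malformed socket (IPv6 needs brackets): {text!r}")
    ip = ipaddress.ip_address(host)  # raises ValueError for anything that is not an IP
    if not port_str.isdigit():
        raise ValueError(f"port must be numeric: {port_str!r}")
    port = int(port_str)
    port_category(port)  # raises if the port is out of range
    return str(ip), port


def format_socket(ip: str, port: int) -> str:
    """Inverse of parse_socket: build the IP:port (or [IPv6]:port) string."""
    addr = ipaddress.ip_address(ip)
    port_category(port)
    return f"[{addr}]:{port}" if addr.version == 6 else f"{addr}:{port}"


def is_valid_socket(text: str) -> bool:
    """True when the text is a well-formed socket with an in-range port."""
    try:
        parse_socket(text)
        return True
    except ValueError:
        return False


def describe(text: str) -> dict:
    """The summary a troubleshooter wants: which host, which port, which range."""
    ip, port = parse_socket(text)
    return {
        "ip": ip,
        "ip_version": ipaddress.ip_address(ip).version,
        "port": port,
        "category": port_category(port),
    }
```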
Host Names and DNS (Domain Name System)
Much
of TCP/IP addressing involves numbers—often long, complicated numbers.
Computers can manage numbers easily. However, most people can remember words
better than numbers. Imagine if you had to identify your friends’ and families’
Social Security numbers whenever you wanted to write a note or talk to them.
Communication would be frustrating at the very least, and perhaps even
impossible—especially if you’re the kind of person who has trouble remembering even
your own Social Security number. Similarly, people prefer to associate names
with networked devices rather than remember IP addresses. For this reason, the
Internet authorities established a naming system for all nodes on the Internet.
Every device on the Internet is technically known as a host. Every host can
take a host name, a name that describes the device. For example, someone named
Jasmine McDonald might name her workstation “Jasmine.” If the computer is
reserved for a specific purpose, you may want to name it accordingly. For
example, a company that offers free software downloads through the FTP service
might call its host machine “ftpserver.”
Domain Names
Every
host is a member of a domain, or a group of computers that belongs to the same
organization and has part of their IP addresses in common. A domain is
identified by its domain name. Usually, a domain name is associated with a
company or other type of organization, such as a university or government
organization. For example, IBM’s domain name is ibm.com, and the
United States Library of Congress’s domain name is loc.gov. Often, when
networking professionals refer to a machine’s host name, they in fact mean its local
host name plus its domain name—in other words, its fully qualified host name,
also known as its fully qualified domain name or FQDN. For example, the fully qualified host name for the
Library of Congress’s blog Web site is blogs.loc.gov. A domain name is represented by a series of character strings, called
labels, separated by dots. Each label represents a level in the domain
naming hierarchy. In the domain name www.google.com, com is the top-level
domain (TLD), google is the second-level domain, and www is the third-level
domain.
Each second-level domain can contain multiple third-level domains. For
instance, in addition to www.google.com, Google also owns the following
domains: news.google.com, maps.google.com, and mail.google.com.
Domain
names must be registered with an Internet naming authority that works on behalf
of ICANN. ICANN has established conventions for domain naming so that certain
TLDs apply to every type of organization that uses the Internet. Table 4-7
lists some well-known ICANN approved TLDs. The first eight TLDs listed in this
table were established in the mid-1980s. Of these, no restrictions exist on the
use of the .com, .org, and .net TLDs, but ICANN does restrict what type of
hosts can be associated with the .arpa, .mil, .int, .edu, and .gov TLDs. In
addition to those listed in Table 4-7, ICANN has approved over 240 country code
TLDs to represent different countries and territories across the globe. For
example, .ca is the country code TLD assigned to Canada and .jp is the country
code TLD assigned to Japan. Organizations are not required to use country code
TLDs. For example, although Cisco’s headquarters are located in the United
States, the company’s domain name is www.cisco.com, not www.cisco.us. On the
other hand, some United States organizations do use the .us suffix.
For
example, the domain name for the Garden City, New York, public school district
is www.gardencity.k12.ny.us. A complete list of current TLDs can be found at www.iana.org/domains/root/db/.
In 2011, ICANN decided to loosen its restrictions on
TLD names and allow organizations to apply for a new TLD composed of almost any
alphanumeric string, including one that uses characters not found in the
English language. Applying for a new TLD costs $185,000, and each application
will undergo a rigorous evaluation.
Table 4-7 Some well-known top-level domains
Domain suffix | Type of organization
ARPA | Reverse lookup domain (special Internet function)
COM | Commercial
EDU | Educational
GOV | Government
ORG | Noncommercial organization (such as a nonprofit agency)
NET | Network (such as an ISP)
INT | International Treaty Organization
MIL | United States military organization
BIZ | Businesses
INFO | Unrestricted use
AERO | Air-transport industry
COOP | Cooperatives
After
an organization reserves a domain name, the rest of the world’s computers know
to associate that domain name with the organization to which it is assigned,
and no other organization can legally use it. For example, you might apply for
a domain name made up of your first and last names. If your name is Evgeny
Simonovsky, you might request the domain name evgenysimonovsky.com. After you
have reserved the domain, hosts across the Internet would associate that name
with your network. No other parties in the world could use evgenysimonovsky.com
in naming computers that they allow to connect to the Internet. Host and domain
names are subject to some restrictions. Domain names may consist of any alphanumeric
combination up to a maximum of 253 characters, and can include hyphens, underscores,
or periods in the name, but no other special characters. The interesting part
of host and domain naming relates to how all Internet-connected machines in the
world know which names belong to which machines. Before tackling the entire
world, however, you can start by thinking about how one company might deal with
its local host names, as explained in the following section.
Host Files
The
first incarnation of the Internet (ARPAnet) was used by fewer than 1000 hosts.
The entire network relied on one ASCII text file called HOSTS.TXT to associate
host names with IP addresses. This file was generically known as a host file.
Growth of the Internet soon made this simple arrangement impossible to
maintain—the host file would require constant changes, searching through one
file from all over the nation would strain the Internet’s bandwidth capacity,
and the entire Internet would fail if the file were accidentally deleted.
However, in rare cases you may
still encounter this older system of using a text file to associate internal
host names with their IP addresses. Figure 4-16 provides an example of such a file.
Notice that each host is matched by one line identifying the host’s name and IP
address. In addition, a third field, called an alias, provides a nickname for
the host. An alias allows a user within an organization to address a host by a
shorter name than the full host name. Typically, the first line of a host file
begins with a pound sign and contains comments about the file’s columns. A
pound sign may precede comments anywhere in the host file. In addition to
identifying hosts on other networks, each host file indicates the local host’s
address.
In Figure 4-16, the local host
is presumed to exist on the cengage.com domain. Note that
the local host’s address points
to the loopback address, first for IPv6 and in the next line,
for IPv4.
Figure 4-16 Sample host file
# Host database
#
# This file contains the mappings of IP addresses to host names and the
# aliases for each host name. In the presence of the domain name service,
# this file may not be consulted.
#
# Comments (such as these) may be inserted on individual lines or
# following the machine name denoted by a '#' symbol.
#
#
# Address         Host name               Alias
::1               localhost.cengage.com   localhost
127.0.0.1         localhost.cengage.com   localhost
69.32.133.79      www.cengage.com         Web
69.32.134.163     ftp.cengage.com         FTP
69.32.146.63      gale.cengage.com        Gale
69.32.132.117     poweron.cengage.com     TechSupport
On
a computer running UNIX or Linux, a host file is called hosts and is located in
the /etc directory. On a Windows computer, a host file is also called hosts
(with no file extension) and is located in the Windows\system32\drivers\etc
folder. A simple host file can satisfy the needs of a small organization;
however, it is not sufficient for large organizations, much less for the
Internet. Instead, an automated solution is mandatory.
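An added Python example, not part of the book: a small parser for a host file in the Figure 4-16 layout (address, host name, alias) that honors '#' comments and then resolves names and aliases from it. The sample text is a constructed copy of the figure's entries plus one deliberately malformed line, to show that a bad entry is skipped rather than breaking lookup for every other host.

```python
from __future__ import annotations

import ipaddress
from collections import defaultdict

# Constructed sample: the entries of Figure 4-16 plus a deliberately bad line.
SAMPLE_HOSTS = """\
# Host database
#
# Address        Host name               Alias
::1              localhost.cengage.com   localhost
127.0.0.1        localhost.cengage.com   localhost
69.32.133.79     www.cengage.com         Web
69.32.134.163    ftp.cengage.com         FTP   # a trailing comment is allowed
69.32.146.63     gale.cengage.com        Gale
69.32.132.117    poweron.cengage.com     TechSupport
not-an-address   broken.cengage.com      Broken
"""


def parse_hosts(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (address, host name, aliases) for every well-formed entry.

    A '#' starts a comment whether it begins the line or follows the fields.
    Fields are whitespace separated: address first, then the host name, then
    any number of aliases. Lines whose address does not parse are skipped so
    that one bad entry does not disable name lookup for the whole file.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        address, name, *aliases = fields
        try:
            canonical = str(ipaddress.ip_address(address))
        except ValueError:
            continue
        entries.append((canonical, name, aliases))
    return entries


def build_lookup(entries) -> dict[str, list[str]]:
    """Map every host name and alias (lower-cased, since host names are
    case-insensitive) to the addresses listed for it, in file order."""
    table = defaultdict(list)
    for address, name, aliases in entries:
        for key in (name, *aliases):
            table[key.lower()].append(address)
    return dict(table)


def lookup(table: dict[str, list[str]], name: str, version: int | None = None) -> list[str]:
    """Resolve a name or alias. version=4 or 6 restricts the answer to one
    address family, which is how a client picks between the two localhost
    lines in the figure (::1 for IPv6, 127.0.0.1 for IPv4)."""
    addresses = table.get(name.lower(), [])
    if version is not None:
        addresses = [a for a in addresses if ipaddress.ip_address(a).version == version]
    return addresses


def resolve(text: str, name: str, version: int | None = None) -> list[str]:
    """Convenience: parse a host file and resolve one name from it."""
    return lookup(build_lookup(parse_hosts(text)), name, version)
```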
DNS (Domain Name System)
In
the mid-1980s, computer scientists responsible for the Internet’s growth
devised a hierarchical way of associating domain names with IP addresses,
called the DNS
(Domain Name System or Domain Name Service). DNS refers to both the
Application layer service that accomplishes this association and also to the
organized system of computers and databases that makes this association
possible.
The DNS service does not rely on one file or even one server,
but rather on many computers across the globe. These computers are related in
a hierarchical manner, with 13 computers, known as root servers, acting as the
ultimate authorities. Because it is distributed, DNS will not fail
catastrophically if one or a handful of servers experience errors. To direct traffic
efficiently, the DNS service is divided into three components: resolvers, name servers,
and namespace. Resolvers are any hosts
on the Internet that need to look up domain name information. The
resolver client is built into TCP/IP applications such as HTTP. If you point
your Web browser to http://www.loc.gov, your HTTP client software initiates the
resolver service to find the IP address for www.loc.gov. If you have visited
the site before, the information may exist in a local DNS cache, a
database stored on your computer that indicates what IP address is associated
with the www.loc.gov host name. If the information is not stored locally, the
resolver service queries your machine’s designated name server to find the IP
address for www.loc.gov. Name servers,
or DNS servers, are servers that contain databases of associated names and IP
addresses and provide this information to resolvers on request. If one
name server cannot resolve the domain name to its IP address, it passes the
query to a higher-authority name server. For example, suppose you are trying to
open the www.loc.gov Web page from a workstation on your company’s network.
Further, suppose this is the first time you’ve visited the Library of Congress
online. Upon discovering it does not have the information saved locally, your
client’s resolver service queries the closest name server for the IP address
associated with www.loc.gov. That name server is probably connected to your
LAN. If your LAN’s name server cannot supply the IP address for www.loc.gov, it
queries a higher-level name server. In other words, your company’s name server
sends a request to the name server at the company’s Internet service provider (ISP).
If that name server does not have the information in its database, it queries a
name server elsewhere on the Internet that acts as the ISP’s naming authority.
This process continues until the request is granted.
The term namespace refers to the database of Internet IP addresses and
their associated names.
Namespace is not a single file that you can open and view like a store’s
inventory database. Rather, it is an abstract concept that describes how the
name servers of the world share DNS information. You can think of DNS namespace
as a giant, distributed address book for every computer in the world. Just as
you might keep an address book of close friends and family on your computer,
but rely on a different source, such as an Internet lookup service, to find
contact information for people you don’t know, the DNS namespace does not store
every piece of information in one place. Instead, it relies on multiple sources
to resolve host names and IP addresses. The structure of the namespace reflects
DNS’s hierarchical nature. It is divided into DNS zones, or portions for which
one organization is assigned authority to manage. For example, network
administrators at the Library of Congress are responsible for managing the
namespace for all hosts in the loc.gov domain. If you obtained your own domain
name, you would be responsible for managing its namespace. A zone may consist
of only one domain. Higher-level zones, such as those associated with TLDs,
however, may contain several domains. For example, the .gov zone contains every
domain name that ends in .gov. Information about hosts in a DNS zone is
contained in a zone file. Each zone file contains resource records that
describe one piece of information in the DNS database.
In
the address book analogy, a zone file would be similar to the contact list you
keep on your computer (your zone) and a resource record would contain the phone
number, address, and e-mail address for one of your friends. By storing
resource records in its zone file, every name server holds a piece of the DNS
namespace. Resource records come in many different types, depending on their
function. For example, an address resource record is a type of resource record
that maps the IP address of an Internet connected device to its domain name.
Each record contains a name field to identify the domain name of the machine to
which the record refers, a type field to identify the type of resource record
involved, a class field to identify the class to which the record belongs
(usually “IN” or “Internet”), a Time to Live field to identify how long the
record should be saved in temporary memory, a data length field to identify how
much data the record contains, and the actual record data. Approximately 20
types of resource records are currently used. Table 4-8 lists the types of DNS
records you will encounter most often. In the following address resource
record, gmail.com is the host domain name, IN stands for the Internet record
class, A identifies the record type as “address,” and 74.125.225.22 is the host’s
IP address:
gmail.com. IN A 74.125.225.22
At one time, network administrators manually maintained resource records for
their networks’ hosts. Now, however, modern clients update their resource
records dynamically. This saves time and eliminates the possibility for human
error in modifying DNS information. Clients can be configured to trigger a DNS
update when they receive a new IP address (for example, through DHCP), when
their host names change, or when they connect to a network. Alternatively, a
user can force a DNS record update by issuing a command. For example, typing
ipconfig /registerdns at a Windows operating system command prompt while logged
on as an administrator forces an update of the client’s registered DNS
information.
Table 4-8: Common DNS record types
Type | Name | Description
A | Address record | A host’s IPv4 address
AAAA | Address record | A host’s IPv6 address
CNAME | Canonical name record | Another name for the host
MX | Mail exchange record | Identifies a mail server
PTR | Pointer record | Points to a canonical name
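The record fields and the Table 4-8 types, as an added Python example that is not part of the book: it parses zone-file-style resource records (optional TTL, class IN, type-specific validation of the data field) and answers a query the way a name server does, following a CNAME to the address record it points to. The gmail.com record is the chapter's; the example.test names and the 192.0.2.x and 2001:db8:: addresses are constructed documentation placeholders.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

DEFAULT_TTL = 3600  # used when a record omits its Time to Live


@dataclass(frozen=True)
class ResourceRecord:
    name: str    # owner name, stored fully qualified (trailing dot)
    ttl: int     # seconds a resolver may keep the record cached
    rclass: str  # "IN" for Internet
    rtype: str   # A, AAAA, CNAME, MX or PTR (Table 4-8)
    data: str    # record data; its meaning depends on rtype


def _fqdn(name: str) -> str:
    return name if name.endswith(".") else name + "."


def parse_record(line: str) -> ResourceRecord:
    """Parse one zone-file line such as 'gmail.com. IN A 74.125.225.22'.

    The TTL between the name and the class is optional. The data field is
    checked against the record type so that, for example, an A record
    cannot carry an IPv6 address and an MX record must name a preference.
    """
    fields = line.split(";", 1)[0].split()  # ';' starts a zone-file comment
    if len(fields) < 4:
        raise ValueError(f"too few fields: {line!r}")
    name, rest = _fqdn(fields[0]), fields[1:]
    ttl = DEFAULT_TTL
    if rest[0].isdigit():
        ttl, rest = int(rest[0]), rest[1:]
    if len(rest) < 3 or rest[0].upper() != "IN":
        raise ValueError(f"expected class IN: {line!r}")
    rtype, data = rest[1].upper(), " ".join(rest[2:])
    if rtype in ("A", "AAAA"):
        want = 4 if rtype == "A" else 6
        addr = ipaddress.ip_address(data)
        if addr.version != want:
            raise ValueError(f"{rtype} record needs an IPv{want} address: {line!r}")
        data = str(addr)
    elif rtype in ("CNAME", "PTR"):
        data = _fqdn(data)
    elif rtype == "MX":
        preference, _, mailhost = data.partition(" ")
        if not preference.isdigit() or not mailhost:
            raise ValueError(f"MX record needs 'preference host': {line!r}")
        data = f"{int(preference)} {_fqdn(mailhost)}"
    else:
        raise ValueError(f"unsupported record type {rtype}: {line!r}")
    return ResourceRecord(name, ttl, "IN", rtype, data)


def is_valid_record(line: str) -> bool:
    try:
        parse_record(line)
        return True
    except ValueError:
        return False


def load_zone(text: str) -> list[ResourceRecord]:
    """Parse every non-blank, non-comment line of a zone file."""
    return [parse_record(line) for line in text.splitlines()
            if line.split(";", 1)[0].strip()]


def resolve(zone: list[ResourceRecord], name: str, rtype: str, max_chain: int = 8) -> list[str]:
    """Answer a query from the zone as an authoritative name server would.

    If the name has only a CNAME, the query is repeated for the canonical
    name, at most max_chain times so a looping alias cannot run forever.
    Returns the matching data values; an empty list means no such record.
    """
    target = _fqdn(name).lower()
    for _ in range(max_chain):
        owned = [r for r in zone if r.name.lower() == target]
        answers = [r.data for r in owned if r.rtype == rtype.upper()]
        if answers:
            return answers
        aliases = [r.data for r in owned if r.rtype == "CNAME"]
        if not aliases:
            return []
        target = aliases[0].lower()
    raise ValueError(f"CNAME chain for {name!r} is too long or loops")


# Constructed sample zone: gmail.com is the chapter's record; example.test and
# the 192.0.2.x / 2001:db8:: addresses are documentation placeholders.
SAMPLE_ZONE = """\
; owner                   ttl  class type  data
gmail.com.                     IN    A     74.125.225.22
example.test.             3600 IN    A     192.0.2.10
example.test.             3600 IN    AAAA  2001:db8::10
www.example.test.              IN    CNAME example.test.
example.test.                  IN    MX    10 mail.example.test.
mail.example.test.        600  IN    A     192.0.2.25
10.2.0.192.in-addr.arpa.       IN    PTR   example.test.
"""
```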
Configuring DNS
Any
host that must communicate with other hosts on the Internet needs to know how
to find its name server. Although small organizations might use only one name
server, most organizations rely on two name servers—a primary and a secondary name server—to help ensure Internet connectivity.
The secondary name server relies on the primary name server as its authority.
To ensure that records between the servers match, the secondary server
initiates a zone transfer, copying
the primary name server’s zone file to the secondary name server. If the primary
name server experiences a failure, devices on the network attempt to use the
secondary name server. Assuming the zone transfer was successful, the secondary
name server should operate just as the primary name server would, and clients
will not notice the difference. Each device on the network relies on the name
servers and, therefore, must know how to find them. On most networks, the DHCP
service automatically assigns clients the appropriate addresses for their
primary and secondary name servers.
However,
occasionally you might want to manually configure these values. For example,
specifying your preferred DNS server address when connecting to a public
network, such as a wireless network at a café, can protect your computer from attempts to assign a rogue DNS server—that
is, one operated by a hacker who could take advantage of your computer’s trust
to steal private information.
To view or change the name server information on a Windows 7 workstation:
1. Click the Start button, type ncpa.cpl in the Search programs and files text box, and then press Enter. The Network Connections window opens.
2. Right-click the icon that represents your network adapter, and click Properties on the shortcut menu. A User Account Control dialog box may appear, asking if you want to allow the following program to make changes. Click Yes to proceed. Your adapter’s Network Connection Properties window appears.
3. Under the “This connection uses the following items” heading, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. The Internet Protocol version 4 (TCP/IPv4) Properties dialog box opens.
4. If you want to specify the DNS server your workstation relies on, rather than allowing DHCP to supply the DNS server address, verify that the General tab is still selected, and then click the Use the following DNS server addresses button.
5. Enter the IP address for your primary DNS server in the Preferred DNS server space and the address for your secondary DNS server in the Alternate DNS server space.
6. Click OK, click Close to save your changes, and then close the Network Connections window.
DDNS (Dynamic DNS)
DNS
is a reliable way of locating a host as long as the host’s IP address remains
relatively constant over time—that is, if it’s static. However, many Internet
users subscribe to a type of Internet service in which their IP address changes
periodically. For a user who only wants to send and receive e-mail and surf the
Web, frequently changing IP addresses is not problematic. But for a user who
wants to host a Web site, for example, it can be. To maintain the association
between his Web site’s host or domain name and an IP address, such a user must
change his computer’s DNS record and propagate this change across the Internet
each time the IP address changes. When IP addresses change frequently, manually
changing DNS records becomes unmanageable. A solution is to use DDNS (Dynamic DNS). In DDNS, a
service provider runs a program on the user’s computer that notifies the
service provider when the user’s IP address changes. Upon notification, the
service provider’s server launches a routine that automatically updates the DNS
record for that user’s computer. The DNS record update becomes effective
throughout the Internet in a matter of minutes. Note that DDNS does not take
the place of DNS, but is an additional service, available for a small fee. DDNS
is a good option for home or small office users who maintain Web sites but do
not want to pay the additional (often high) cost of reserving a static IP
address.
However,
because of the slight delay in DNS record propagation caused each time an IP
address changes, larger organizations typically prefer to pay more for a
statically assigned IP address. Associating host and domain names with
computers on a TCP/IP-based network is performed by the Application layer
protocol DNS. The following section describes other important Application layer
protocols.
Application Layer Protocols
In
addition to the core Transport and Internet layer protocols, the TCP/IP suite encompasses
several Application layer protocols. These protocols work over TCP or UDP plus
IP, translating user requests into a format the network can read. In Chapter 2,
you learned about an Application layer protocol central to using the Web, HTTP.
And earlier in this chapter, you learned about an Application layer protocol
used for automatic address assignment, DHCP. The following sections describe
some additional Application layer protocols. Throughout this book, and
especially in Chapter 9, you’ll encounter even more TCP/IP Application layer protocols.
Telnet
Telnet is a terminal emulation protocol used to log on to
remote hosts using the TCP/IP protocol suite. Using Telnet, a TCP
connection is established via port 23 and keystrokes on the user’s machine act
like keystrokes on the remotely connected machine. Often, Telnet is used to connect two dissimilar systems, such as PCs
and UNIX machines. Through Telnet, you can control a remote host over a
network. For example, network managers can use Telnet to log on to a router
from a computer elsewhere on their LAN and modify the router’s configuration. Telnet, however, is notoriously insecure
(meaning that someone with malicious intent could easily falsify the
credentials Telnet requires to log on to a device successfully), so
telnetting to a router across a public network would not be wise. Other, more
secure methods of remotely connecting to a host have replaced Telnet for that
reason. A popular alternative, known as SSH, is described in Chapter 11, which
focuses on security.
FTP (File Transfer Protocol)
FTP (File Transfer Protocol) is an Application layer
protocol used to send and receive files via TCP/IP using ports 20 and 21. In FTP exchanges, a host
running the FTP server portion accepts commands from another host running the
FTP client portion. FTP clients come with a set of simple commands that make up
their user interfaces. To exchange data, the client depends on an FTP server
that is always waiting for requests. After a client connects to the FTP server,
FTP data are exchanged via TCP, which means that FTP provides some assurance of
delivery.
FTP
commands will work from your operating system’s command prompt; they do not require
special client software. As a network professional, you may need to use these
commands to download software (such as NOS patches or client updates) from
hosts. For example, if you need the latest version of the Fedora Linux
distribution, you can use FTP from your workstation’s command prompt to
download the compressed software from a Fedora authorized FTP server to your
hard disk. To do so, you can start the FTP utility by typing ftp from your
operating system command (or shell) prompt.
The
command prompt turns into the FTP prompt, FTP>. From there, you can run FTP
commands. Alternatively, if you know what operation you want to perform, you
can connect directly to an FTP server. For example to connect directly to the
Fedora FTP server at Boston University (one of several that provides the
software via FTP), type ftp fedora.bu.edu, and then press Enter. If the host is
running, it responds with a greeting and a request for you to log on. Many FTP
hosts, especially those whose purpose is to provide software updates, accept anonymous
logons. This means that when prompted for a username, you need only type the word
anonymous (in lowercase letters) and press Enter. When prompted for a password
on an anonymous FTP site, you can typically use your e-mail address. The host’s
logon screen should indicate whether this is acceptable. On the other hand, if
you are logging on to a private FTP site, you must obtain a valid username and
password from the site’s network administrator to make a successful connection.
After you have successfully connected to a host, additional commands allow you
to manage the connection and manipulate files. To view a list of the variables
you can use with FTP, type ftp help and press Enter.
Graphical
FTP clients, such as WS_FTP, CuteFTP, and FileZilla, have rendered the command-line
method of FTPing files less common. In many cases, you can also accomplish FTP
file transfers directly from a modern Web browser. To do this, you need only
point your browser to the FTP host. From there, you can move through
directories and exchange files just as you would navigate the files and
directories on your desktop or LAN server. As with Telnet, a more secure
version of the FTP protocol has been developed. This protocol, known as SFTP,
is discussed in Chapter 11.
FTP and Telnet share some similarities, including
their reliance on TCP and their ability to log on to a remote host and perform commands
on that host. However, they differ in that, when you use Telnet, the commands
you type require a syntax that is relative to your local workstation. When you
use FTP, the commands you type require a syntax that is relative to the remote
host to which you have logged on. Also, Telnet has no built-in commands for
transferring files between the remote host and your workstation.
TFTP (Trivial File Transfer Protocol)
TFTP (Trivial File Transfer Protocol) is another TCP/IP
Application layer protocol that enables file transfers between computers, but
it is simpler (or more trivial) than FTP. TFTP communicates via port 69. A significant
difference between FTP and TFTP is that TFTP relies on UDP at the Transport
layer. Its use of UDP means that TFTP is connectionless and does not guarantee
reliable delivery of data. Also, TFTP does not require users to log on to the remote
host with an ID and password in order to gain access to a directory and transfer
files. Instead, when you enter the
TFTP command, your computer issues a simple request to access the host’s files.
The remote host responds with an acknowledgment, and then the two computers begin
transferring data. Each time a packet of data is transmitted to the host, the local
workstation waits for an acknowledgment from the host before issuing another
packet. In this way, TFTP overcomes some of the limitations of relying on a
connectionless Transport layer protocol. A final difference between FTP and
TFTP is that the latter does not allow directory browsing. In FTP, you can
connect to a host and navigate through all the directories you’ve been granted
access to view.
TFTP
is useful when you need to load data or programs on a computer that lacks a hard
drive—that is, on a diskless workstation. For example, suppose a TFTP server
holds Microsoft Excel. When a client issues a TFTP request for that program,
the server would transmit the program files to the workstation’s memory. After
the user completes his Excel work, the program files would be released from his
workstation’s memory. In this situation, the fact that TFTP does not require a
user to log on to a host is an advantage. It makes the transfer of program
files quick and easy. As you can imagine, however, not requiring a logon also presents
a security risk, so TFTP servers must be carefully placed and monitored on a network.
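An added Python simulation, not from the book, of the lock-step exchange described above for a TFTP write: the client sends the request, then one data block at a time, and waits for the matching acknowledgment before sending the next, so a packet lost in either direction is simply sent again. The 512-byte block size and the WRQ/DATA/ACK opcodes come from RFC 1350 rather than this chapter, and the lossy in-memory channel is a constructed stand-in for an unreliable UDP path.

```python
import random
import struct

BLOCK_SIZE = 512                   # RFC 1350: every DATA block but the last carries 512 bytes
OP_WRQ, OP_DATA, OP_ACK = 2, 3, 4  # RFC 1350 opcodes: write request, data, acknowledgment


def encode_wrq(filename: str, mode: str = "octet") -> bytes:
    return struct.pack("!H", OP_WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def encode_data(block: int, payload: bytes) -> bytes:
    return struct.pack("!HH", OP_DATA, block) + payload


def encode_ack(block: int) -> bytes:
    return struct.pack("!HH", OP_ACK, block)


def decode(packet: bytes) -> tuple:
    """(opcode, filename, mode) for a WRQ; (opcode, block, payload) otherwise."""
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode == OP_WRQ:
        filename, mode, _ = packet[2:].split(b"\0", 2)
        return opcode, filename.decode(), mode.decode()
    (block,) = struct.unpack("!H", packet[2:4])
    return opcode, block, packet[4:]


class LossyChannel:
    """Stand-in for an unreliable UDP path: drops each packet with probability `loss`."""

    def __init__(self, loss: float, seed: int = 0):
        self.loss, self.rng, self.dropped = loss, random.Random(seed), 0

    def send(self, packet: bytes):
        if self.rng.random() < self.loss:
            self.dropped += 1
            return None  # the packet never arrives
        return packet


class TftpServer:
    """In-memory server side of a write: keep each block, acknowledge each one."""

    def __init__(self):
        self.files, self.filename, self.expected, self.buffer = {}, None, 1, b""

    def handle(self, packet: bytes) -> bytes:
        opcode, *rest = decode(packet)
        if opcode == OP_WRQ:
            self.filename, self.expected, self.buffer = rest[0], 1, b""
            return encode_ack(0)  # "ready for block 1"
        if opcode == OP_DATA:
            block, payload = rest
            if block == self.expected:  # the next block in sequence: keep it
                self.buffer += payload
                self.expected += 1
                if len(payload) < BLOCK_SIZE:  # a short block marks end of file
                    self.files[self.filename] = self.buffer
            # A repeated block means the client never saw our ACK: acknowledge
            # it again without storing the data twice.
            return encode_ack(block)
        raise ValueError(f"unexpected opcode {opcode}")


def tftp_put(server: TftpServer, channel: LossyChannel, filename: str,
             data: bytes, max_retries: int = 10) -> int:
    """Client side of the lock-step write; returns the number of retransmissions."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    if not blocks or len(blocks[-1]) == BLOCK_SIZE:
        blocks.append(b"")  # size is a multiple of 512: an empty block marks EOF
    outgoing = [(0, encode_wrq(filename))]
    outgoing += [(n, encode_data(n, chunk)) for n, chunk in enumerate(blocks, start=1)]
    retransmissions = 0
    for block_no, packet in outgoing:
        for _ in range(max_retries + 1):
            delivered = channel.send(packet)  # request or data may be lost on the way out
            reply = None if delivered is None else channel.send(server.handle(delivered))
            if reply is not None and decode(reply)[:2] == (OP_ACK, block_no):
                break  # acknowledged: only now move on to the next block
            retransmissions += 1  # no (valid) ACK: send the same packet again
        else:
            raise TimeoutError(f"block {block_no} was never acknowledged")
    return retransmissions


def run_transfer(data: bytes, loss: float, seed: int = 0, max_retries: int = 60) -> tuple:
    """Push `data` through a fresh server over a channel with the given loss rate.
    Returns (file arrived intact, retransmissions, packets dropped)."""
    server, channel = TftpServer(), LossyChannel(loss, seed)
    retransmissions = tftp_put(server, channel, "sample.bin", data, max_retries)
    return server.files.get("sample.bin") == data, retransmissions, channel.dropped
```

Every dropped packet, whether a data block or its ACK, costs exactly one retransmission, which is why the two counters in run_transfer agree.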
NTP (Network Time Protocol)
NTP (Network Time Protocol) is a simple but important
Application layer protocol used to synchronize the clocks of computers on a
network.
NTP communicates via port 123 and depends on UDP for Transport layer services.
Time is critical in routing to determine the most efficient path for data over
a network. Time synchronization across a network is also important for
time-stamped security methods and maintaining accuracy and consistency between
multiple storage systems. NTP is a protocol that benefits from UDP’s quick,
connectionless nature at the Transport layer. NTP is time sensitive and cannot
wait for the error checking that TCP would require.
PING (Packet Internet Groper)
PING (Packet Internet Groper) is a utility that can
verify that TCP/IP is installed, bound to the NIC, configured correctly, and
communicating with the network. It is often employed simply to determine whether a
host is responding (or “up”). PING uses ICMP services to send echo request and
echo reply messages that determine the validity of an IP address. These two
types of messages work in much the same way that sonar operates. First, a
signal, called an echo request, is sent out to another computer. The other
computer then rebroadcasts the signal, in the form of an echo reply, to the
sender. The process of sending this signal back and forth is known as pinging. You
can ping either an IP address or a host name. For example, to determine whether
the www.loc.gov site is responding, you could type ping www.loc.gov and press
Enter. Alternately, you could type ping 140.147.249.7 (the IP address of this
site at the time this book was written) and press Enter. If the site is
operating correctly, you receive a response that includes multiple replies from
that host. If the site is not operating correctly, you will receive a response
indicating that the request timed out or that the host was not found. You could
also receive a “request timed out” message if your workstation is not properly
connected to the network, or if the network is malfunctioning. Your ping test
might also be unsuccessful if the organization whose host you tried to contact
prevents its network devices from accepting or responding to PING commands for
security reasons. By pinging the loopback address, 127.0.0.1, you can determine
whether your workstation’s TCP/IP services are running. By pinging a host on
another subnet, you can determine whether the problem lies with a connectivity
device between the two subnets. For example, suppose that you have recently
moved your computer from the Accounting Department to the Advertising
Department, and now you cannot access the Web. The first test you should
perform is pinging the loopback address. If that test is successful, then you know
that your workstation’s TCP/IP services are running correctly.
Next,
you might try pinging your neighbor’s machine. If you receive a positive response,
you know that your network connection is working. You should then try pinging a
machine on another subnet that you know is connected to the network—for
example, a computer in the IT Department. If this test is unsuccessful, it is
possible that you do not have the correct settings in your TCP/IP configuration
or that something is wrong with your network’s connectivity (for example, a router
may be malfunctioning). As with other TCP/IP commands, PING can be used with a
number of different options, or switches, and the syntax of the command may
vary depending on the operating system. But a ping command always begins with
the word ping followed by a hyphen (-) and a switch, followed by a variable
pertaining to that switch.
The following are some
useful PING switches:
-?—Displays the help text for the
ping command, including its syntax and a full list of switches.
-a—When used with an IP address,
resolves the address to a host name.
-n—Allows you to specify a number
of echo requests to send. For example, if you want to ping the Library of
Congress site with only two echo requests (rather than the standard four that a
Windows operating system uses), you could type the following command:
ping -n 2 www.loc.gov.
-r—When used with a number from 1
to 9, displays the route taken during ping hops.
To
view the proper syntax and a list of switches available for PING, type ping at
the command prompt on a Windows-based computer or at the shell prompt on a UNIX
or Linux system. The PING utility as described previously works with networks
running IPv4. On IPv6 networks, you must use a different version of the command
that operates similarly. On Linux computers running IPv6, the ping6 utility
will issue ICMP packets to determine whether a host is available.
For
Windows computers, the command is ping -6 followed by the host or IP address.
If the destination host does not run IPv6, however, your attempt will be
unsuccessful. For example, typing ping -6 ipv6.google.com and pressing Enter at
the command prompt on a Windows computer running IPv6 would result in a successful
ping reply. Typing ping -6 www.google.com, a host not running IPv6, would
result in an error message.
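The echo request and echo reply exchange described above, as an added Python example that is not from the book: it builds the ICMP echo request a ping sends (the 32-byte payload is the one the Windows ping utility uses by default), computes the ICMP checksum, and classifies an incoming ICMP message so that only a reply whose checksum, identifier, sequence number and payload all match the request counts as "host is up", while destination-unreachable and time-exceeded messages are reported for what they are. The reply packet is constructed in code rather than captured from a network, and no raw socket is opened; the message type numbers are the standard ICMP values, not something the chapter lists.

```python
import struct

ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACHABLE = 3
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11
ICMP_HEADER = "!BBHHH"   # type, code, checksum, identifier, sequence number
# Constructed sample payload: the 32 data bytes a Windows ping sends by default.
WINDOWS_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"

def icmp_checksum(data):
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad the final word with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(msg_type, code, identifier, sequence, payload):
    """Generic ICMP message with the checksum computed over header plus payload."""
    header = struct.pack(ICMP_HEADER, msg_type, code, 0, identifier, sequence)
    checksum = icmp_checksum(header + payload)
    return struct.pack(ICMP_HEADER, msg_type, code, checksum, identifier, sequence) + payload

def build_echo_request(identifier, sequence, payload=WINDOWS_PAYLOAD):
    """Echo request (type 8, code 0): what ping transmits."""
    return build_icmp(ICMP_ECHO_REQUEST, 0, identifier, sequence, payload)

def build_echo_reply(request):
    """Constructed echo reply, as the pinged host would send it: same id/seq/payload, type 0."""
    _, _, _, identifier, sequence = struct.unpack(ICMP_HEADER, request[:8])
    return build_icmp(ICMP_ECHO_REPLY, 0, identifier, sequence, request[8:])

def build_ping_sequence(identifier, count=4, payload=WINDOWS_PAYLOAD):
    """The four requests a Windows ping sends by default (ping -n 2 would send two)."""
    return [build_echo_request(identifier, seq, payload) for seq in range(1, count + 1)]

def classify_reply(packet, identifier, sequence, payload=WINDOWS_PAYLOAD):
    """Say what an incoming ICMP message means for the echo request we sent."""
    if len(packet) < 8:
        return "truncated"
    if icmp_checksum(packet) != 0:           # a valid packet sums to all ones, so the complement is 0
        return "bad checksum"
    msg_type, code, _, ident, seq = struct.unpack(ICMP_HEADER, packet[:8])
    if msg_type == ICMP_DEST_UNREACHABLE:
        return "destination unreachable (code %d)" % code
    if msg_type == ICMP_TIME_EXCEEDED:
        return "time exceeded (TTL expired in transit)"
    if msg_type != ICMP_ECHO_REPLY or code != 0:
        return "other ICMP type %d" % msg_type
    if (ident, seq) != (identifier, sequence):
        return "identifier/sequence mismatch"   # a reply to some other ping, not ours
    if packet[8:] != payload:
        return "payload altered"
    return "echo reply"
```

Matching the identifier and sequence number is what lets a ping utility pair each reply with the request it belongs to and report "request timed out" for the ones that never come back; the checksum check discards messages that were damaged in transit before they are interpreted at all.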
Chapter Summary
■
Protocols define the standards for communication between nodes on a network.
The term protocol can refer to a group, or suite, of individual protocols that
work together to accomplish data translation, data handling, error checking,
and addressing.
■
Protocols vary by transmission efficiency, utilization of resources, ease of
setup, compatibility, and ability to travel between one LAN segment and
another. Protocols that can span more than one LAN are routable, which means
they carry Network layer addressing information that can be interpreted by a
router.
■ TCP/IP
is the most popular protocol suite because of its low cost, open nature,
ability to communicate between dissimilar platforms, and the fact that it is
routable. It is a de facto standard on the Internet and is the protocol of
choice on LANs.
■
The TCP/IP model is a practical way of categorizing protocols and services used
on a TCP/IP network. Its Application layer roughly translates to the
Application, Presentation, and Session layers of the OSI model. Its Transport
layer is equivalent to the OSI model’s Transport layer. Its Internet layer is
analogous to the OSI model’s Network layer. Its Network Interface layer, or
Link layer, roughly equals the OSI model’s Data Link and Physical layers.
■
TCP (Transmission Control Protocol) belongs to the Transport layer of the
TCP/IP and OSI models. TCP is a connection-oriented subprotocol; it requires a
connection to be established between communicating nodes before it will
transmit data. TCP provides reliability through checksum, flow control, and
sequencing information.
■
UDP (User Datagram Protocol), like TCP, is a Transport layer protocol. UDP is a
connectionless service and offers no delivery guarantees. But UDP is more
efficient than TCP and useful in applications that require fast data
transmission, such as videoconferencing.
■
IP (Internet Protocol) belongs to the Internet layer of the TCP/IP model and
the Network layer of the OSI model. It provides information about how and where
data should be delivered.
■
ARP (Address Resolution Protocol) belongs to the Internet layer of the TCP/IP
model and the Network layer of the OSI model. It obtains the MAC (physical)
address of a host, or node, and then creates a local database that maps the MAC
address to the host’s IP (logical) address.
■
In IPv4, each IP address is a unique 32-bit number, divided into four octets
(or bytes). Every IP address contains two types of information: network and
host.
■
In traditional IPv4 addressing, all nodes on a Class A network share the first
octet of their IP numbers, a number between 1 and 126. Nodes on a Class B
network share the first two octets, and all their IP addresses begin with a
number between 128 and 191. Class C network IP numbers share the first three
octets, with their first octet being a number between 192 and 223.
■ Although
computers read IPv4 addresses in binary form, humans usually read them in dotted
decimal notation, in which a decimal number represents each octet and every number
is separated by a period.
■ A
subnet mask is a 32-bit number that indicates whether and how a network has
been subnetted—that is, subdivided into multiple smaller networks—and indicates
the difference between network and host information in an IPv4 address.
Subnetting is implemented to more easily manage network traffic and conserve a
limited number of IPv4 addresses.
■
IPv6 (IP version 6) is the latest version of IP. Its addresses are composed of
eight 16-bit fields and total 128 bits. The larger address size results in an
additional 2 available IP addresses compared with the earlier version, IPv4.
IPv6 provides several other benefits over IPv4, including a more efficient
header, better overall security, better prioritization allowances, and
automatic IP address configuration.
■
IP addresses assigned manually are called static IP addresses; however, using
static IP addresses allows for the possibility of assigning the same address to
more than one device.
■
Dynamic IP address assignment can be achieved using DHCP (Dynamic Host Configuration
Protocol). DHCP essentially eliminates duplicate-addressing problems.
■
The IPv4 addresses in the ranges 10.0.0.0 through 10.255.255.255, 172.16.0.0 through
172.31.255.255, and 192.168.0.0 through 192.168.255.255 are reserved for private
addresses, or those used only within an organization’s network. These addresses
cannot be used to identify hosts on the Internet.
■ A
link-local address is a special kind of private address automatically assigned
by an operating system to allow a node to communicate over its local subnet if
a routable IP address is not available. ICANN has established the range of
169.254.0.0 through 169.254.254.255 as potential link-local IPv4 addresses.
IPv6 link-local addresses begin with FE80. Zeroconf is a collection of
protocols that manages link-local addressing.
■ A
socket is a logical address assigned to a specific process running on a host.
It forms a virtual circuit between the processes on two networked hosts. The
socket’s address represents a combination of the host’s IP address and the port
number associated with a process.
■
Every host is identified by a host name and belongs to a domain. A domain is a
group of hosts that share a domain name and have part of their IP addresses in
common.
■
Every domain is identified by its domain name. Usually, a domain name is
associated with a company or other type of organization, such as a university
or military unit. Domain names must be reserved with an ICANN-approved domain
registrar.
■
DNS (Domain Name System or Domain Name Service) is a hierarchical way of tracking
domain names and their addresses. The DNS database does not rely on one file or
even one server, but rather is distributed over several key computers across
the Internet to prevent catastrophic failure if one or a few computers go down.
■
Name servers or DNS servers contain databases of names and their associated IP addresses.
If one name server cannot resolve the IP address, the query passes to a higher-level
name server. Each name server manages a group of machines called a zone. DNS
relies on the hierarchical zones and zone files to distribute naming information.
■
Some key TCP/IP Application layer protocols include Telnet (for logging on to
hosts), FTP and TFTP (for transferring files between hosts), NTP (for
synchronizing time between hosts), and PING (for sending echo requests and echo
replies that can indicate whether a host is responding).
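To make the IPv4 addressing bullets concrete, here is an added Python example (written for this page, not the textbook's code) that takes a dotted-decimal address, validates it, determines its traditional class and default mask, flags private, link-local, loopback and broadcast addresses using exactly the ranges the summary gives, and splits the address into network ID and host ID under a mask. It goes slightly beyond the summary by also naming Class D (first octet 224 to 239) and Class E (240 to 255), which the summary only calls reserved.

```python
# Ranges as the chapter summary states them (constructed lookup data, not a live registry).
PRIVATE_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]
LINK_LOCAL_RANGE = ("169.254.0.0", "169.254.254.255")
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

def parse_ipv4(text):
    """Dotted decimal -> 32-bit integer. Rejects anything that is not exactly four
    decimal octets in 0..255 (so 192.285.128.3 from the review questions is refused)."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not dotted decimal notation: %r" % text)
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError("octet outside 0..255: %r" % text)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def is_valid_ipv4(text):
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False

def in_range(value, bounds):
    low, high = (parse_ipv4(b) for b in bounds)
    return low <= value <= high

def address_class(value):
    """Traditional (classful) IPv4 class, decided by the first octet."""
    first = value >> 24
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"          # multicast
    if first >= 240:
        return "E"          # experimental / reserved
    return "reserved"       # first octet 0

def describe(address, mask=None):
    """Classify an address and, under the given (or classful default) mask, split it
    into network ID and host ID and compute the directed broadcast address."""
    value = parse_ipv4(address)
    cls = address_class(value)
    mask_text = mask or DEFAULT_MASK.get(cls)
    info = {
        "address": to_dotted(value),
        "class": cls,
        "private": any(in_range(value, r) for r in PRIVATE_RANGES),
        "link_local": in_range(value, LINK_LOCAL_RANGE),
        "loopback": cls == "loopback",
        "limited_broadcast": value == 0xFFFFFFFF,   # 11111111 11111111 11111111 11111111
        "mask": mask_text,
    }
    if mask_text:
        m = parse_ipv4(mask_text)
        host_bits = ~m & 0xFFFFFFFF
        info["network_id"] = to_dotted(value & m)        # bits the mask keeps
        info["host_id"] = value & host_bits               # bits the mask clears
        info["directed_broadcast"] = to_dotted(value | host_bits)
    return info
```

For example, describe("203.12.176.55") reports Class C with a default mask of 255.255.255.0, network ID 203.12.176.0 and host ID 55, while describe("155.61.9.188") on an unsubnetted network reports Class B with mask 255.255.0.0; passing an explicit mask overrides the classful default, which is how a subnetted network is handled.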
Key Terms
Address Resolution Protocol
See ARP.
address resource record
A type of DNS data record that maps
the IP address of an Internet-connected device to its domain name.
alias
A nickname for a node's host name.
Aliases can be specified in a local host file.
anycast address
A type of address specified in IPv6
that represents a group of interfaces, any one of which (and usually the first
available of which) can accept a transmission. At this time, anycast addresses
are not designed to be assigned to hosts, such as servers or workstations, but
rather to routers.
APIPA (Automatic Private IP
Addressing)
A service available on computers
running one of the Windows operating systems that automatically assigns the
computer's network interface a link-local IP address.
ARP (Address Resolution Protocol)
A core protocol in the TCP/IP suite
that belongs in the Network layer of the OSI model. ARP obtains the MAC
(physical) address of a host, or node, and then creates a local database that
maps the MAC address to the host's IP (logical) address.
ARP cache
See ARP table.
ARP table
A database of records that maps MAC
addresses to IP addresses. The ARP table is stored on a computer's hard disk
where it is used by the ARP utility to supply the MAC addresses of network
nodes, given their IP addresses.
Automatic Private IP Addressing
See APIPA.
Avahi
A version of Zeroconf available for
use with the Linux operating system.
Bonjour
Apple's implementation of the
Zeroconf group of protocols.
country code TLD
A top-level domain that corresponds
to a country. For example, the country code TLD for Canada is .ca, and the
country code TLD for Japan is .jp.
datagram
See data packet.
DDNS (Dynamic DNS)
A method of dynamically updating DNS
records for a host. DDNS client computers are configured to notify a service
provider when their IP addresses change, then the service provider propagates
the DNS record change across the Internet automatically.
DHCP (Dynamic Host Configuration
Protocol)
An Application layer protocol in the
TCP/IP suite that manages the dynamic distribution of IP addresses on a
network. Using DHCP to assign IP addresses can nearly eliminate
duplicate-addressing problems.
DHCP scope
The predefined range of addresses
that can be leased to any network device on a particular segment.
DHCP server
A server that manages IP address
assignment, maintaining information about which addresses are allowable, which
are available, and which have already been associated with a host.
DHCPv4
The version of DHCP used with IPv4.
DHCPv4 uses port number 67 for client-to-server communications and port number
68 for server-to-client communications.
DHCPv6
The version of DHCP used with IPv6.
DHCPv6 uses port number 546 for client-to-server communications and port number
547 for server-to-client communications.
diskless workstation
A workstation that doesn't contain a
hard disk, but instead relies on a small amount of read-only memory to connect
to a network and to pick up its system files.
DNS (Domain Name System or Domain
Name Service)
A hierarchical way of tracking
domain names and their addresses, devised in the mid-1980s. The DNS database
does not rely on one file or even one server, but rather is distributed over
several key computers across the Internet to prevent catastrophic failure if
one or a few computers go down. DNS is a TCP/IP service that belongs to the
Application layer of the OSI model.
DNS cache
A database on a computer that stores
information about IP addresses and their associated host names. DNS caches can
exist on clients as well as on name servers.
DNS server
See name server.
DNS zone
A portion of the DNS namespace for
which one organization is assigned authority to manage.
domain
A group of computers that belong to
the same organization and have part of their IP addresses in common.
domain name
The symbolic name that identifies a
domain. Usually, a domain name is associated with a company or other type of
organization, such as a university or military unit.
Domain Name Service
See DNS or Domain Name System.
Domain Name System
See DNS or Domain Name Service.
dotted decimal notation
The shorthand convention used to
represent IPv4 addresses and make them more easily readable by humans. In
dotted decimal notation, a decimal number between 0 and 255 represents each
binary octet. A period, or dot, separates each decimal.
dual-stack
A type of network that supports both
IPv4 and IPv6 traffic.
dynamic ARP table entry
A record in an ARP table that is
created when a client makes an ARP request that cannot be satisfied by data
already in the ARP table.
Dynamic DNS
See DDNS.
Dynamic Host Configuration Protocol
See DHCP.
Dynamic Host Configuration Protocol
version 4
See DHCPv4.
Dynamic Host Configuration Protocol
version 6
See DHCPv6.
dynamic IP address
An IP address that is assigned to a
device upon request and may change when the DHCP lease expires or is terminated.
BOOTP and DHCP are two ways of assigning dynamic IP addresses.
Dynamic Ports
TCP/IP ports in the range of 49,152
through 65,535, which are open for use without requiring administrative
privileges on a host or approval from IANA.
echo reply
The response signal sent by a device
after another device pings it.
echo request
The request for a response generated
when one device pings another device.
File Transfer Protocol
See FTP.
flow
A sequence of packets issued from
one source to one or many destinations. Routers interpret flow information to
ensure that packets belonging to the same transmission arrive together. Flow
information may also help with traffic prioritization.
Format Prefix
A variable-length field at the
beginning of an IPv6 address that indicates what type of address it is (for
example, unicast, anycast, or multicast).
FQDN (fully qualified domain name)
A host name plus domain name that
uniquely identifies a computer or location on a network.
FTP (File Transfer Protocol)
An Application layer protocol used
to send and receive files via TCP/IP.
fully qualified domain name
See FQDN or fully qualified host
name.
fully qualified host name
See FQDN or fully qualified domain
name.
hop
A term used to describe each trip a
unit of data takes from one connectivity device to another. Typically, hop is
used in the context of router-to-router communications.
hop limit
See TTL.
host file
A text file that associates TCP/IP
host names with IP addresses.
host name
A symbolic name that describes a
TCP/IP device.
hosts
The name of the host file used on
UNIX, Linux, and Windows systems. On a UNIX- or Linux-based computer, hosts is
found in the /etc directory. On a Windows-based computer, it is found in the
%systemroot%\system32\drivers\etc folder.
ICMP (Internet Control Message
Protocol)
A core protocol in the TCP/IP suite
that notifies the sender that something has gone wrong in the transmission
process and that packets were not delivered.
ICMPv6
The version of ICMP used with IPv6
networks. ICMPv6 performs the functions that ICMP, IGMP, and ARP perform in
IPv4. It detects and reports data transmission errors, discovers other nodes on
a network, and manages multicasting.
ifconfig
A TCP/IP configuration and
management utility used with UNIX and Linux systems.
IGMP (Internet Group Management
Protocol or Internet Group Multicast Protocol)
A TCP/IP protocol used on IPv4
networks to manage multicast transmissions. Routers use IGMP to determine which
nodes belong to a multicast group, and nodes use IGMP to join or leave a
multicast group.
Internet Control Message Protocol
See ICMP.
Internet Control Message Protocol
version 6
See ICMPv6.
Internet Group Management Protocol
See IGMP or Internet Group Multicast
Protocol.
Internet Group Multicast Protocol
See IGMP or Internet Group
Management Protocol.
internetwork
To traverse more than one LAN
segment and more than one type of network through a router.
IP datagram
See IP packet.
IP next generation
See IPv6.
IP packet
The IP portion of a TCP/IP frame
that acts as an envelope for data, holding information necessary for routers to
transfer data between subnets.
IP version 4 Link Local
See IPv4LL.
ipconfig
The utility used to display TCP/IP
addressing and domain name information in the Windows client operating systems.
Ipng
See IPv6.
IPv4
IP version 4, the Internet Protocol
standard released in the 1980s and still commonly used on modern networks. It
specifies 32-bit addresses composed of four octets. It lacks the security,
automatic addressing, and prioritization benefits of IPv6. It also suffers from
a limited number of addresses, a problem that can be resolved by using IPv6
instead.
IPv4LL (IP version 4 Link Local)
A protocol that manages automatic
address assignment among locally connected nodes. IPv4LL is part of the
Zeroconf group of protocols.
IPv6 (IP version 6)
A newer standard for IP addressing
that is gradually replacing the current IPv4 (IP version 4). Most notably, IPv6
uses a newer, more efficient header in its packets and allows for 128-bit
source and destination IP addresses. The use of longer addresses
will allow for many more IP addresses to be in circulation. IPv6 also provides
automatic addressing, better security, and prioritization features.
label
A character string that represents a
domain (either top-level, second-level, or third-level).
lease
The agreement between a DHCP server
and client on how long the client can use a DHCP-assigned IP address. DHCP
services can be configured to provide lease terms equal to any amount of time.
link-local address
An IP address that is automatically
assigned by an operating system to allow a node to communicate over its local
subnet if a routable IP address is not available. ICANN has established the
range of 169.254.0.0 through 169.254.254.255 as potential link-local IPv4
addresses. IPv6 link-local addresses begin with FE80.
loopback address
An IP address reserved for
communicating from a node to itself (used mostly for troubleshooting purposes).
The IPv4 loopback address is always cited as 127.0.0.1, although in fact,
transmitting to any IP address whose first octet is 127 will contact the
originating device. In IPv6, the loopback address is represented as ::1.
loopback test
An attempt to contact one's own
machine for troubleshooting purposes. In TCP/IP-based networking, a loopback
test can be performed by communicating with an IPv4 address that begins with an
octet of 127. Usually, this means pinging the address 127.0.0.1.
mask
See subnet mask or net mask.
multicast address
A type of address in the IPv6 that
represents multiple interfaces, often on multiple nodes. An IPv6 multicast
address begins with the following hexadecimal field: FF0x, where x is a
character that identifies the address's group scope.
multicasting
A means of transmission in which one
device sends data to a specific group of devices (not necessarily the entire
network segment) in a point-to-multipoint fashion.
name server
A server that contains a database of
TCP/IP host names and their associated IP addresses. A name server supplies a
resolver with the requested information. If it cannot resolve the IP address,
the query passes to a higher-level name server.
namespace
The database of Internet IP
addresses and their associated names distributed over DNS name servers
worldwide.
net mask
See subnet mask or mask.
network class
A classification for TCP/IP-based
networks that pertains to the network's potential size and is indicated by an
IP address's network ID and subnet mask. Network Classes A, B, and C are
commonly used by clients on LANs; network Classes D and E are reserved for
special purposes.
network ID
The portion of an IP address common
to all nodes on the same network or subnet.
Network Time Protocol
See NTP.
NTP (Network Time Protocol)
A simple Application layer protocol
in the TCP/IP suite used to synchronize the clocks of computers on a network.
NTP depends on UDP for Transport layer services.
octet
One of the 4 bytes that are
separated by periods and together make up an IPv4 address.
Packet Internet Groper
See PING.
ping
To send an echo request signal from
one node on a TCP/IP-based network to another, using the PING utility. See also
PING.
PING (Packet Internet Groper)
A TCP/IP troubleshooting utility
that can verify that TCP/IP is installed, bound to the NIC, configured
correctly, and communicating with the network. PING uses ICMP to send echo
request and echo reply messages that determine the validity of an IP address.
ping6
The version of the PING utility used
on Linux computers that run IPv6.
port number
The address on a host where an
application makes itself available to incoming data.
private address
An IP address used only on an
organization's internal network. Certain IP address ranges are reserved for
private addresses. Private addresses cannot be used to communicate over the
Internet.
Private Port
See Dynamic Ports.
public address
An IP address that is valid for use
on public networks, such as the Internet. An organization assigns its hosts
public addresses from the range of addresses assigned to it by Internet
numbering authorities.
Registered Ports
The TCP/IP ports in the range of
1024 to 49,151. These ports are accessible to network users and processes that
do not have special administrative privileges. Default assignments of these
ports must be registered with IANA.
resolver
Any host on the Internet that needs
to look up domain name information.
resource record
The element of a DNS database stored
on a name server that contains information about TCP/IP host names and their
addresses.
root server
A DNS server maintained by ICANN and
IANA that is an authority on how to contact the top-level domains, such as
those ending with .com, .edu, .net, .us, and so on. ICANN oversees the
operation of 13 root servers around the world.
routable
The protocols that can span more
than one LAN because they carry Network layer and addressing information that
can be interpreted by a router.
socket
A logical address assigned to a
specific process running on a computer. Some sockets are reserved for operating
system functions.
static ARP table entry
A record in an ARP table that
someone has manually entered using the ARP utility. Static ARP table entries
remain the same until someone manually modifies them with the ARP utility.
static IP address
An IP address that is manually
assigned to a device and remains constant until it is manually changed.
subnet
A part of a network in which all
nodes share a network addressing component and a fixed amount of bandwidth.
subnet mask
In IPv4 addressing, a 32-bit number
that, when combined with a device's IP address, indicates what kind of subnet
the device belongs to.
subnetting
The process of subdividing a single
class of network into multiple, smaller networks.
subprotocols
The specialized protocols that work
together and belong to a protocol suite.
switch
The letters or words added to a
command that allow you to customize a utility's output. Switches are usually
preceded by a hyphen or forward slash character.
TCP (Transmission Control Protocol)
A core protocol of the TCP/IP suite.
TCP belongs to the Transport layer and provides reliable data delivery
services.
TCP/IP (Transmission Control
Protocol/Internet Protocol)
A suite of networking protocols that
includes TCP, IP, UDP, and many others. TCP/IP provides the foundation for data
exchange across the Internet.
TCP/IP core protocols
The major subprotocols of the TCP/IP
suite, including IP, TCP, and UDP.
Telnet
A terminal emulation protocol used
to log on to remote hosts using the TCP/IP protocol. Telnet resides in the
Application layer of the OSI model.
TFTP (Trivial File Transfer
Protocol)
A TCP/IP Application layer protocol
that enables file transfers between computers. Unlike FTP, TFTP relies on UDP
at the Transport layer and does not require a user to log on to the remote
host.
Time to Live
See TTL.
TLD (top-level domain)
The highest-level category used to
distinguish domain names, for example, .org, .com, and .net. A TLD is also known
as the domain suffix.
top-level domain
See TLD.
Transmission Control Protocol
See TCP.
Transmission Control
Protocol/Internet Protocol
See TCP/IP.
Trivial File Transfer Protocol
See TFTP.
TTL (Time to Live)
A number that indicates the maximum
duration that a packet can remain on the network before it is discarded.
Although this field was originally meant to represent units of time, on modern
networks it represents the number of router hops a datagram has endured. The
TTL for datagrams is variable and configurable, but is usually set at 32 or 64.
Each time a datagram passes through a router, its TTL is reduced by 1. When a
router receives a datagram with a TTL equal to 1, the router discards that
datagram.
UDP (User Datagram Protocol)
A core protocol in the TCP/IP suite
that sits in the Transport layer of the OSI model. UDP is a connectionless
transport service.
unicast address
A type of IPv6 address that
represents a single interface on a device.
User Datagram Protocol
See UDP.
Well Known Ports
The TCP/IP port numbers 0 to 1023,
so named because they were long ago assigned by Internet authorities to popular
services (for example, FTP and Telnet), and are, therefore, well known and
frequently used.
Zero configuration
See Zeroconf.
Zeroconf (Zero configuration)
A collection of protocols that
assigns link-local addresses, performs DNS functions, and discovers services,
such as print services, available to the node.
zone file
A text file associated with a DNS
zone that contains resource records identifying domains and their IP addresses.
zone transfer
In DNS, the act of copying a primary
name server's zone file to the secondary name server to ensure that both
contain the same information.
Review Questions
1. Which of the following occurs at the Network Access layer of the TCP/IP model?
a. Routing
b. Address translation
c. Password authentication
d. Signaling
2. What field in an IPv4 packet can be used to indicate that a packet should be routed before any other packets?
a. Flags field
b. Identification field
c. Differentiated Services field
d. Fragment offset field
3. What happens to an IPv6 packet when its hop limit reaches 0?
a. It is retransmitted by the connectivity device that last received it.
b. It is bounced back to its source node.
c. It is discarded.
d. It is assigned a new hop limit.
4. Before you connect to your office network, you want to verify that your workstation’s TCP/IPv6 protocols are functioning. Which of the following addresses do you ping?
a. ::1
b. FE08::0
c. 0::0
d. 1::1
5. What is the function of ARP?
a. To acknowledge that a data frame was received
b. To obtain the IP address of a host, then map that IP address to a registered domain name
c. To measure the number of dropped packets in a single transmission
d. To obtain the MAC address of a host, and then map that MAC address to the host's IP address
6. Which of the following applications would be best suited to multicasting?
a. Sending e-mail to your coworker
b. Participating in a company-wide video conference via the Internet
c. Updating an inventory database
d. Logging on to a host over the Internet
7. Suppose you have a workstation that uses the IP address 203.12.176.55 on a traditional IPv4 network. To what network class does the workstation belong?
a. A
b. B
c. C
d. D
8. How many bytes are used for an IPv4 address?
a. 4
b. 16
c. 31
d. 64
9. Suppose your computer's IP address is 155.61.9.188, and your network administrator has not subnetted the network to which you're connected. What is your computer's subnet mask?
a. 255.0.0.0
b. 255.255.0.0
c. 255.255.255.0
d. 255.255.255.255
10. Suppose you send data to the 11111111 11111111 11111111 11111111 IP address on an IPv4 network. To what device(s) are you transmitting?
a. Your own device
b. All devices that are reachable
c. All devices on your network segment
d. Your domain name server
11. Suppose you send data to an address that begins with the Format Prefix FF0E on a network running IPv6. To what device(s) are you transmitting?
a. All devices on your network segment
b. All devices that are reachable
c. Your own device
d. Your domain name server
12. If you are connected to a network that uses DHCP, and you need to terminate your Windows workstation's DHCP lease, which of the following commands would you use?
a. ipconfig /term
b. ipconfig /exit
c. ipconfig /release
d. ipconfig /stop
13. At a minimum, what fields would you find in a hosts file?
a. IP address and MAC address
b. IP address and host name
c. IP address and subnet mask
d. Host name and MAC address
14. What devices are the highest authorities in the domain name system hierarchy?
a. Root servers
b. Top-level domain routers
c. IANA-operated gateways
d. Authoritative hosts
15. Which of the following DNS records identifies a mail server?
a. mail1 IN A 178.99.201.12
b. mailserver IN AAAA 178.99.201.12
c. mail1 IN MX 178.99.201.12
d. mailserver IN PTR 178.99.201.12
16. On a client/server network running TCP/IPv4, what computer initiates the process of assigning an IP address through DHCP?
a. The DHCP server
b. The gateway
c. The client's primary authentication server
d. The client
17. You issue a transmission from your workstation to the following socket address on your LAN: 10.1.1.145:110. Assuming your network uses standard port designations, what Application layer protocol are you using?
a. FTP
b. POP
c. Telnet
d. HTTP
18. You are the network manager for a computer training center that allows clients to bring their own laptops to class for learning and taking notes. Clients need access to the Internet, so you have configured your network's DHCP server to issue them IP addresses automatically. What DHCP option should you modify to make sure you are not wasting addresses that were used by clients who have completed a class and no longer need them?
a. The number of available addresses in the DHCP pool
b. The subnet mask for client computers, to isolate their group of IP addresses
c. The priority with which DHCP address requests are handled by the server
d. The lease duration for client computers
19. Which of the following IP addresses might have been assigned by APIPA?
a. 169.180.23.5
b. 255.254.254.0
c. 192.285.128.3
d. 255.127.0.0
20. You have just set up a new wireless network in your house, and you want to determine whether your Linux laptop has connected to it and obtained a valid IP address. Which of the following commands will allow you to find the information you need?
a. ifconfig /all
b. ifconfig -a
c. ifconfig -n
d. ifconfig /net
Sample Quiz
1. The TCP/IP model described how protocols work even before the protocols were widely in use.
a. True
b. False
2. A(n) ________ is associated with a company or other type of organization, such as a university, government organization, or company.
a. domain name
b. network address
c. host name
d. unicast address
3. What protocol provides an automated means of assigning a unique IP address to devices on a network?
a. Internet Control Message Protocol (ICMP)
b. Automatic Private IP Addressing (APIPA)
c. Domain Name System (DNS)
d. Dynamic Host Configuration Protocol (DHCP)
4. What protocol allows a user to log on to remote hosts using the TCP/IP protocol suite?
a. File Transfer Protocol (FTP)
b. Telnet
c. Network Time Protocol (NTP)
d. Packet Internet Groper (PING)
5. TCP/IP is a suite of specialized protocols.
a. True
b. False
6. ________ is the process of subdividing a single class of networks into multiple, smaller logical networks, or segments.
a. Multiplexing
b. Segmenting
c. Masking
d. Subnetting
7. How does TCP provide reliable data delivery?
a. TCP uses flow control.
b. TCP uses loopback addressing.
c. TCP uses sequencing and checksums.
d. TCP uses a connectionless transport service.
8. A process's port number plus its host machine's IP address equals the process's socket.
a. True
b. False
9. The ________ subprotocol allows TCP/IP to internetwork.
a. Transmission Control Protocol (TCP)
b. User Datagram Protocol (UDP)
c. Internet Control Message Protocol (ICMP)
d. Internet Protocol (IP)
10. The ________ subprotocol reports on the success or failure of data delivery.
a. Address Resolution Protocol (ARP)
b. Internet Group Management Protocol (IGMP)
c. User Datagram Protocol (UDP)
d. Internet Control Message Protocol (ICMP)
11. IPv4 guarantees delivery of data.
a. True
b. False
12. In IPv6, the loopback address has a value of ________.
a. 127.0.0.1
b. 0:0:0:1
c. 0:0:0:0:0:0:0:127
d. ::1
13. Every device on the Internet is technically known as a host.
a. True
b. False
14. Which statement is true with regard to IPv4 and IPv6?
a. IPv4 offers better prioritization provisions than IPv6.
b. IPv6 offers billions of additional IP addresses over IPv4.
c. IPv6 has a much lower cost of implementation than IPv4.
d. IPv4 offers better security than IPv6.
15. What TCP/IP and OSI model layer includes TCP?
a. Data Link
b. Application
c. Network Access
d. Transport
Practice Quiz
1. All protocols are routable.
a. True
b. False
2. Dynamic ARP table entries are those that someone has entered manually using the ARP utility.
a. True
b. False
3. ____ Ports are in the range of 1024 to 49151.
Registered
4. The FTP command ____ transfers a file from the host machine to the client.
TFTP
5. ____ is the precursor to today's Internet.
a. DNS
b. BOOTP
c. ARPANET
d. DHCP
6. TCP/IP is a ____ of protocols.
a. series
b. set
c. selection
d. suite
7. Which IPv6 address type represents a single interface on a device?
a. Unicast
b. Multicast
c. Anycast
d. Singlecast
8. Telnet is generally considered to be insecure.
a. True
b. False
9. The FTP command ____ provides a directory listing of files and subdirectories.
a. ls
b. mget
c. mput
d. open
10. A(n) ____ can contain two types of entries: dynamic and static.
ARP table
11. On an IP datagram, the ____ field informs routers what level of precedence they should apply when processing the incoming packet.
a. Differentiated Services (DiffServ)
b. total length
c. version
d. Time to Live
12. ____ is a process of subdividing a single class of networks into multiple, smaller logical networks, or segments.
Subnetting
13. The range of addresses beginning with ____ is reserved for a device communicating with itself, or performing loopback communication.
a. 60
b. 80
c. 127
d. 145
14. ________________ are in the range of 0 to 1023 and are assigned to processes that only the operating system or an administrator of the system can access.
a. Registered Ports
b. Dynamic Ports
c. Static Ports
d. Well Known Ports
15. Host files are the best automated solution for assigning IP addresses.
a. True
b. False
16. Most FTP hosts, especially those whose purpose is to provide software updates, do not accept anonymous logons.
a. True
b. False
17. The command used to view IP information on a Windows XP or Windows Vista workstation is ipconfig.
a. True
b. False
18. It is unacceptable to leave APIPA enabled if it is not needed.
a. True
b. False
19. Resolvers are any hosts on the Internet that need to look up domain name information.
a. True
b. False
20. ____ is a de facto standard on the Internet and has become the protocol of choice on LANs and WANs.
a. TCP/IP
b. Transmission Control Protocol/Internet Protocol
21. A domain name is represented by a series of character strings, called ____, separated by dots.
a. labels
b. features
c. echo replies
d. hosts
22. IPv6 addresses are composed of ____ bits.
a. 32
b. 64
c. 128
d. 256
23. The term ____ refers to the database of Internet IP addresses and their associated names.
namespace
24. Port numbers are assigned either by the operating system or by software programs that rely on them.
a. True
b. False
CHAPTER QUIZ
1. Whether connecting to the Internet or to another computer within a LAN, every node on a network must have a unique ____________________.
IP address
2. Protocols that can span more than one LAN (or LAN segment) are ____________________, because they carry Network layer addressing information that can be interpreted by a router.
routable
3. ____ is a simple Application layer protocol used to synchronize the clocks of computers on a network.
a. NNTP
b. PING
c. NTP
d. ARP
4. If your network does not need or use APIPA, it must be uninstalled to avoid conflicts.
a. True
b. False
5. ____ is a terminal emulation protocol used to log on to remote hosts using the TCP/IP protocol suite.
a. FTP
b. Telnet
c. NTP
d. NNTP
6. In IPv6, each address contains a ________, or a variable-length field at the beginning of the address that indicates what type of address it is.
a. Format Prefix
b. Address Prefix
c. Field Prefix
d. Variable Prefix
7. ____________________ is a process of subdividing a single class of networks into multiple, smaller logical networks, or segments.
Subnetting
8. In IPv4 addressing, a node with an IP address of 168.34.88.29 belongs to a Class ____ network.
a. A
b. B
c. C
d. D
9. TCP is a ____ subprotocol.
a. connection-oriented
b. connectionless
c. open-ended
d. indiscriminating
10. In dotted decimal notation, a ____ separates each decimal.
a. period
b. colon
c. slash
d. dash
11. In IPv4 addressing, each IP address is a unique ____ number.
a. 12-bit
b. 32-bit
c. 64-bit
d. 128-bit
12. TCP ensures reliable data delivery through sequencing and ____________________.
checksums
13. In IPv4 addressing, an IP address whose first octet is in the range of 192–223 belongs to a Class ____ network.
a. A
b. B
c. C
d. D
14. The command used to view IP information on a Windows workstation is ipconfig.
a. True
b. False
15. ____ ARP table entries are created when a client makes an ARP request that cannot be satisfied by data already in the ARP table.
a. Temporary
b. Dynamic
c. On-demand
d. Static
16. If the standard port number for the Telnet service is 23, a host whose IPv4 address is 10.43.3.87 has a socket address for Telnet of ____.
a. 10.43.3.87:23
b. 10.43.3.87-23
c. 23:10.43.3.87
d. 10.43.3.87/23
17. The subprotocol that enables TCP/IP to internetwork, that is, to traverse more than one LAN segment and more than one type of network through a router, is ____.
a. TCP
b. IP
c. ICMP
d. UDP
18. A UDP header contains ____ fields.
a. four
b. six
c. eight
d. ten
19. In the TCP/IP protocol suite, ____ is the core protocol responsible for logical addressing.
a. UDP
b. ARP
c. IP
d. TCP
20. The format of ARP tables is the same from one operating system to another.
a. True
b. False
21. ____ operates at the Network layer and manages multicasting.
a. ICMP
b. UDP
c. IP
d. IGMP
22. A ____ number is the address on a host where an application makes itself available to incoming or outgoing data.
a. application
b. destination
c. port
d. source
23. ICMP (Internet Control Message Protocol) reports on the success or failure of data delivery.
a. True
b. False
24. ____ is a utility that can verify that TCP/IP is installed, bound to the NIC, configured correctly, and communicating with the network.
a. FTP
b. Telnet
c. PING
d. ARP
25. In the domain name www.google.com, ____ is the top-level domain (TLD).
a. www
b. google
c. http
d. com