Network+ Guide to Networks, Chapter 9 Review
Network Operating Systems
In Chapter 4, you
learned about core protocols and subprotocols in the TCP/IP protocol suite, addressing
schemes, and host and domain naming. You also learned that TCP/IP is a complex and
highly customizable protocol suite. This chapter builds on these basic
concepts, examining how TCP/IP-based networks are designed and analyzed. It
also describes the services and applications that TCP/IP-based networks
commonly support. If you are unclear about the concepts related to IP
addressing or binary-to-decimal conversion, take time to review Chapter 4
before reading this chapter.
Designing TCP/IP-Based Networks
By now, you
understand that most modern networks rely on the TCP/IP protocol suite, not only
for Internet connectivity, but also for transmitting data over private
connections. Before proceeding with TCP/IP network design considerations, it’s
useful to briefly review some TCP/IP fundamentals. For example, you have
learned that IP is a routable protocol, and that on a network using TCP/IP each
interface is associated with a unique IP address. Some nodes may use multiple
IP addresses. For example, on a router that contains two NICs, each NIC can be
assigned a separate IP address. Or, on a Web server that hosts multiple Web
sites—such as one managed by an ISP—each Web service associated with a site can
have a different IP address.
In Chapter 4, you
learned about two versions of IP: IPv4 and IPv6. Recall that IPv4 addresses consist
of four 8-bit octets (or bytes) that can be expressed in either binary (for
example, 10000011 01000001 00001010 00100100) or dotted decimal (for example,
131.65.10.36) notation. Many networks assign IP addresses and host names
dynamically, using DHCP, rather than statically. In addition, every IPv4
address can be associated with a network class—A, B, C, D, or E (though Class D
and E addresses are reserved for special purposes). A node’s network class
provides information about the segment or network to which the node belongs.
The following sections explain how network and host information in an IPv4 address
can be manipulated to subdivide networks into smaller segments.
Subnetting
Subnetting
separates a network into multiple logically defined segments, or subnets. Networks
are commonly subnetted according to geographic locations (for example, the
floors of a building connected by a LAN, or the buildings connected by a WAN),
departmental boundaries, or technology types. Where subnetting is implemented,
each subnet’s traffic is separated from every other subnet’s traffic. A network
administrator might separate traffic to accomplish the following:
Enhance security - Subnetworks must be connected via routers or other
Layer 3 devices. As you know, these devices do not retransmit incoming frames
to all other nodes on the same segment (as a hub does). Instead, they forward
frames only as necessary to reach their destination. Because every frame is not
indiscriminately retransmitted, the possibility for one node to tap into another
node’s transmissions is reduced.
Improve performance - For the same reason that subnetting enhances
security, it also improves performance on a network. When data is selectively
retransmitted, unnecessary transmissions are kept to a minimum. Subnetting is
useful for limiting the amount of broadcast traffic—and, therefore, the amount
of potential collisions on Ethernet networks—by decreasing the size of each
broadcast domain. The more efficient use of bandwidth results in better overall
network performance.
Simplify troubleshooting - For example, a network
administrator might subdivide an organization’s network according to geography,
assigning a separate subnet to the nodes in the downtown office, west-side
office, and east-side office of her company. Suppose one day the network has
trouble transmitting data only to a certain group of IP addresses—those located
on the west-side office subnet. When troubleshooting, rather than examining the
whole network for errors or bottlenecks, the network administrator needs only
to see that the faulty transmissions are all associated with addresses on the
west-side subnet to know that she should zero in on that subnet.
To understand how
and why subnetting is implemented, it’s useful to first review IPv4 addressing
conventions on a network that does not use subnetting.
Classful Addressing in IPv4
In Chapter 4, you
learned about the first and simplest type of IPv4 addressing, which is known as
classful addressing because it adheres to network class distinctions. Recall
that all IPv4 addresses consist of network and host information. In classful
addressing, the network information portion of an IPv4 address (the network ID)
is limited to the first 8 bits in a Class A address, the first 16 bits in a Class
B address, and the first 24 bits in a Class C address. Host information is
contained in the last 24 bits for a Class A address, the last 16 bits in a
Class B address, and the last 8 bits in a Class C address. Figure 9-1 on page
400, which should look familiar from Chapter 4’s discussion of IP addressing,
illustrates how network and host information is separated in classful IPv4 addressing.
Figure 9-2 on page 401 offers some sample IPv4 addresses separated into
network and host information according to the classful addressing convention. Adhering
to a fixed network ID size ultimately limits the number of hosts a network can include.
For example, leasing an entire Class C network of addresses gives you only 254 usable
IPv4 addresses. In addition, using classful addressing makes it difficult to
separate traffic from various parts of a network. As you have learned,
separating traffic offers many practical benefits. For example, if an
organization used an entire Class B network of addresses, it could have up to
65,534 hosts all on one network segment. Imagine the challenges involved in
managing such a highly populated network, not to mention the poor performance
that would result. In 1985, because of the difficulty of managing a whole network
class of addresses and the dwindling supply of usable IPv4 addresses, computer scientists
introduced subnetting.
Depending on the source, you
may find the term network ID used interchangeably with the terms network number
or network prefix.
IPv4 Subnet Masks
Subnetting depends
on the use of subnet masks to identify how a network is subdivided. A subnet
mask indicates where network information is located in an IPv4 address. The
bits in a subnet mask that are assigned the number 1 indicate that corresponding
bits in an IPv4 address contain network information. The bits that are assigned
the number 0 indicate that corresponding bits in an IP address contain host
information. For example, a subnet mask of 11111111 11111111 11111111 00000000,
or 255.255.255.0 in dotted decimal notation, indicates that the first three
octets of all IP addresses belonging to that subnet will contain network
information. The last octet will contain host information. As you have learned,
255.255.255.0 is the default subnet mask for Class C IPv4 addresses. Each
network class is associated with a default subnet mask, as shown in Table 9-1.
For example, by default, a Class A address’s first octet (or 8 bits) represents
network information and is composed of all 1s. That means that if you work on a
network whose hosts are configured with a subnet mask of 11111111 00000000
00000000 00000000, or 255.0.0.0, you know that the network is using Class A
addresses.
Furthermore, you
can tell that the network is not using subnetting because 255.0.0.0 is the
default subnet mask for a Class A network. If the network had been subnetted,
the subnet mask would be modified. To calculate a host’s network ID given its
IPv4 address and subnet mask, you follow a logical process of combining bits
known as ANDing. In ANDing, a bit with a value of 1 plus another bit with a
value of 1 results in a 1. A bit with a value of 0 plus any other bit results in
a 0. If you think of 1 as “true” and 0 as “false,” the logic of ANDing makes
sense.
Table 9-1 Default IPv4 subnet masks
Network class | Default subnet mask (binary) | Number of bits used for network information | Default subnet mask (dotted decimal)
A | 11111111 00000000 00000000 00000000 | 8 | 255.0.0.0
B | 11111111 11111111 00000000 00000000 | 16 | 255.255.0.0
C | 11111111 11111111 11111111 00000000 | 24 | 255.255.255.0
Adding a true statement to a true statement still results in a true statement.
But, adding a true statement to a false statement results in a false statement.
ANDing logic is demonstrated in Table 9-2, which provides every possible
combination of having a 1 or 0 bit in an IPv4 address or subnet mask.
Table 9-2 ANDing
IP address bit | 1 | 1 | 0 | 0
Subnet mask bit | 1 | 0 | 1 | 0
Resulting bit | 1 | 0 | 0 | 0
A sample IPv4 host address, its default subnet mask,
and its network ID are shown in Figure 9-3 on page 402, in both binary and
dotted decimal notation. Notice that the address’s fourth octet could have been
composed of any combination of 1s and 0s, and the network ID’s fourth octet
would still be all 0s. At this point, you should understand how to determine a
host’s network ID given its IPv4 address and subnet mask. This section
explained how to apply ANDing logic to an IPv4 address plus a default subnet
mask, but it works just the same way for networks that are subnetted and have
different subnet masks, as you will soon learn. Before learning how to create
subnets, however, it is necessary to understand the types of addresses that
cannot be used as subnet masks or host addresses.
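The ANDing procedure described above, written out as an added example (it is not part of the original chapter). The host address 199.34.89.127 is a constructed sample on the chapter's 199.34.89.0 network, the function names are illustrative, and the first-octet class ranges are the standard classful ranges rather than values listed on this page.

```python
def to_octets(dotted):
    """Parse dotted decimal into four integers, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted decimal IPv4 value: {dotted!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {dotted!r}")
    return octets


def to_binary(dotted):
    """Render the value as four space-separated 8-bit groups."""
    return " ".join(f"{o:08b}" for o in to_octets(dotted))


def is_contiguous_mask(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    return "01" not in to_binary(mask).replace(" ", "")


def default_mask(address):
    """Default (classful) subnet mask, chosen from the first octet."""
    first = to_octets(address)[0]
    if 1 <= first <= 126:
        return "255.0.0.0"        # Class A: 8 network bits
    if 128 <= first <= 191:
        return "255.255.0.0"      # Class B: 16 network bits
    if 192 <= first <= 223:
        return "255.255.255.0"    # Class C: 24 network bits
    raise ValueError("no default mask: loopback, Class D/E or reserved")


def network_id(address, mask):
    """AND each address octet with the matching mask octet (Table 9-2)."""
    if not is_contiguous_mask(mask):
        raise ValueError(f"mask has a 1 bit after a 0 bit: {mask}")
    pairs = zip(to_octets(address), to_octets(mask))
    return ".".join(str(a & m) for a, m in pairs)


def anding_rows(address, mask):
    """Binary rows of a worked ANDing layout: address, mask, result."""
    return [to_binary(address), to_binary(mask),
            to_binary(network_id(address, mask))]


if __name__ == "__main__":
    host = "199.34.89.127"        # constructed sample host address
    mask = default_mask(host)
    labels = ("address", "mask", "network ID")
    for label, row in zip(labels, anding_rows(host, mask)):
        print(f"{label:<11}{row}")
    print("network ID in dotted decimal:", network_id(host, mask))
```

A mask such as 255.255.0.255 is rejected before any ANDing happens, which catches a common configuration typo.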
Special Addresses
As you learned in Chapter 4, certain types of IP
addresses cannot be assigned to a network interface on a node or used as subnet
masks. Table 9-3 lists some of the IPv4 addresses and ranges reserved for
special functions.
Table 9-3 IPv4 addresses reserved for special functions
IPv4 address(es) | Function
127.0.0.1 | Loopback
10.0.0.0 through 10.255.255.255 | Private
172.16.0.0 through 172.31.255.255 | Private
192.168.0.0 through 192.168.255.255 | Private
169.254.1.0 through 169.254.254.255 | Link local
Addresses whose host information = 255 (for example, 199.34.89.255) | Broadcast
Addresses whose host information = 0 (for example, 199.34.89.0) | Network ID
For example, in
IPv4, the address 127.0.0.1 is reserved for the loopback address. Some addresses
are reserved as private or link local addresses. Another special IP address is
the broadcast address for a network or segment. In a broadcast address, the
octet(s) that represent the host information are set to equal all 1s, or in
decimal notation, 255. In the example in Figure 9-3, the broadcast address
would be 199.34.89.255. If a workstation on that network sent a message to the
address 199.34.89.255, it would be issued to every node on the segment. Still
another type of special address is the network ID. In a network ID, as you
know, bits available for host information are set to 0. Therefore, a
workstation on the sample network used in Figure 9-3 could not be assigned the
IP address 199.34.89.0 because that address is the network ID. When using
classful IPv4 addressing, a network ID always ends with an octet of 0 (and may
have additional, preceding octets equal to 0). However, when subnetting is
applied and a default subnet mask is no longer used, a network ID may have
other decimal values in its last octet(s). Because the octets equal to 0 and
255 are reserved, only the numbers 1 through 254 can be used for host
information in an IPv4 address. Thus, on a network that followed the example in
Figure 9-3, the usable host addresses would range from 199.34.89.1 to
199.34.89.254. If you subnetted this network, the range of usable host
addresses would be different.
As in IPv4, in IPv6 certain addresses are
reserved for special functions and cannot be assigned to a subnet or a node’s
network interface. For example, in Chapter 4, you learned that the IPv6 loopback
address is 0:0:0:0:0:0:0:1, or, in compressed notation, ::1. Link local
addresses in IPv6 always begin with FE80. Multicast addresses in IPv6 always
begin with FF.
The next section describes how IPv4 subnets are created and how
you can determine the range of usable host addresses on a subnet. Later in the
chapter, you will learn how subnetting differs in IPv6.
IPv4 Subnetting Techniques
Subnetting alters the rules of classful IPv4 addressing. To create a
subnet, you must borrow bits that would represent host information in classful addressing
and use those bits to instead represent network information. By doing so, you reduce
the number of bits available for identifying hosts. Consequently, you reduce
the number of usable host addresses per subnet. The number of hosts and subnets
available after subnetting is related to how many host information bits you
borrow for network information.
Table 9-4
illustrates the numbers of subnets and hosts that can be created by subnetting
a Class B network. Notice the range of subnet masks that can be used instead of
the default Class B subnet mask of 255.255.0.0. Also compare the listed numbers
of hosts per subnet to the 65,534 hosts available on a Class B network that
does not use subnetting.
Table 9-4 IPv4 Class B subnet masks
Subnet mask | Number of subnets on network | Number of hosts per subnet
255.255.192.0 or 11111111 11111111 11000000 00000000 | 2 | 16,382
255.255.224.0 or 11111111 11111111 11100000 00000000 | 6 | 8190
255.255.240.0 or 11111111 11111111 11110000 00000000 | 14 | 4094
255.255.248.0 or 11111111 11111111 11111000 00000000 | 30 | 2046
255.255.252.0 or 11111111 11111111 11111100 00000000 | 62 | 1022
255.255.254.0 or 11111111 11111111 11111110 00000000 | 126 | 510
255.255.255.0 or 11111111 11111111 11111111 00000000 | 254 | 254
255.255.255.128 or 11111111 11111111 11111111 10000000 | 510 | 126
255.255.255.192 or 11111111 11111111 11111111 11000000 | 1022 | 62
255.255.255.224 or 11111111 11111111 11111111 11100000 | 2046 | 30
255.255.255.240 or 11111111 11111111 11111111 11110000 | 4094 | 14
255.255.255.248 or 11111111 11111111 11111111 11111000 | 8190 | 6
255.255.255.252 or 11111111 11111111 11111111 11111100 | 16,382 | 2
Table 9-5
illustrates the numbers of subnets and hosts that can be created by subnetting
a Class C network. Notice that a Class C network allows for fewer subnets than
a Class B network. This is because Class C addresses have fewer host
information bits that can be borrowed for network information. In addition,
fewer bits are left over for host information, which leads to a lower number of
hosts per subnet than the number available to Class B subnets.
Table 9-5 IPv4 Class C subnet masks
Subnet mask | Number of subnets on network | Number of hosts per subnet
255.255.255.192 or 11111111 11111111 11111111 11000000 | 2 | 62
255.255.255.224 or 11111111 11111111 11111111 11100000 | 6 | 30
255.255.255.240 or 11111111 11111111 11111111 11110000 | 14 | 14
255.255.255.248 or 11111111 11111111 11111111 11111000 | 30 | 6
255.255.255.252 or 11111111 11111111 11111111 11111100 | 62 | 2
Calculating IPv4 Subnets
Now that you have
seen the results of subnetting, you are ready to try subnetting an IPv4
network. Suppose you have leased the Class C network whose network ID is
199.34.89.0 and you want to divide it into six subnets to correspond to the six
different departments in your company. The formula for determining how to
modify a default subnet mask is: 2^n - 2 = Y, where n equals the
number of bits in the subnet mask that must be switched from 0 to 1, and Y
equals the number of subnets that result. Notice that this formula subtracts 2
from the total number of possible subnets—that is, from the calculation of 2 to
the power of the number of the bits that equal 1. That’s because in traditional
subnetting, bit combinations of all 0s or all 1s are not allowed for
identifying subnets—just as host addresses ending in all 0s or all 1s are not
allowed because of addresses reserved for the network ID and broadcast
transmissions. (However, in the next section of this chapter, you will learn
why this equation doesn’t apply to all modern networks.)
Because you want six
separate subnets, the equation becomes 6 = 2^n - 2. Because 6 + 2 = 8
and 8 = 2^3, you know that the value of n equals 3. Therefore, three
additional bits in the default subnet mask for your Class C network must change
from 0 to 1. As you know, the default subnet mask for a Class C network is
255.255.255.0, or 11111111 11111111 11111111 00000000. In this default subnet
mask, the first 24 bits indicate the position of network information. Changing
three of the default subnet mask’s bits from host to network information leaves
you with a subnet mask of 11111111 11111111 11111111 11100000. In this
modified subnet mask, the first 27 bits indicate the position of network
information. Converting from binary to the more familiar dotted decimal
notation, this subnet mask becomes 255.255.255.224. When you configure the
TCP/IP properties of clients on your network, you would specify this subnet
mask.
Now that you have calculated the subnet mask, you still need to assign IP
addresses to nodes based on your new subnetting scheme. Recall that you have
borrowed 3 bits from what used to be host information in the IP address. That
leaves 5 bits instead of 8 available in the last octet of your Class C
addresses to identify hosts. Adding the values of the last 5 bits, 16+8+4+2+1, equals
31, for a total of 32 potential addresses (0 through 31). However, as you have
learned, one address is reserved for the network ID and cannot be used.
Another address is
reserved for the broadcast ID and cannot be used. Thus, using 5 bits for host
information allows a maximum of 30 different host addresses for each of the six
subnets. So, in this example, you can have a maximum of 6 x 30, or 180, unique
host addresses on the network.
Table 9-6 lists the
network ID, broadcast address, and usable host addresses for each of the six
subnets in this sample Class C network. Together, the additional bits used for
subnet information plus the existing network ID are known as the extended
network prefix. The extended network prefix for each subnet is based on which
of the additional (borrowed) network information bits are set to equal 1. For
example, in subnet number 1, only the third bit of the three is set to 1,
making the last octet of the extended network prefix 00100000, or in decimal
notation, 32. In subnet number 2, only the second bit is set to 1, making the last
octet of the extended network prefix 01000000, or 64.
Table 9-6 Subnet information for six subnets in a sample IPv4 Class C network
Subnet number | Extended network prefix | Broadcast address | Usable host addresses
1 | 199.34.89.32 or 11000111 00100010 01011001 00100000 | 199.34.89.63 or 11000111 00100010 01011001 00111111 | 199.34.89.33 through 199.34.89.62
2 | 199.34.89.64 or 11000111 00100010 01011001 01000000 | 199.34.89.95 or 11000111 00100010 01011001 01011111 | 199.34.89.65 through 199.34.89.94
3 | 199.34.89.96 or 11000111 00100010 01011001 01100000 | 199.34.89.127 or 11000111 00100010 01011001 01111111 | 199.34.89.97 through 199.34.89.126
4 | 199.34.89.128 or 11000111 00100010 01011001 10000000 | 199.34.89.159 or 11000111 00100010 01011001 10011111 | 199.34.89.129 through 199.34.89.158
5 | 199.34.89.160 or 11000111 00100010 01011001 10100000 | 199.34.89.191 or 11000111 00100010 01011001 10111111 | 199.34.89.161 through 199.34.89.190
6 | 199.34.89.192 or 11000111 00100010 01011001 11000000 | 199.34.89.223 or 11000111 00100010 01011001 11011111 | 199.34.89.193 through 199.34.89.222
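The subnet calculation worked through above and tabulated in Table 9-6 can be reproduced programmatically. This is an added example, not part of the original chapter; it applies the traditional 2^n - 2 rule from the text and uses Python's standard ipaddress module, with illustrative function names.

```python
import ipaddress


def bits_to_borrow(wanted_subnets):
    """Smallest n for which 2^n - 2 is at least the number of subnets wanted."""
    n = 1
    while 2 ** n - 2 < wanted_subnets:
        n += 1
    return n


def traditional_subnets(classful_network, wanted_subnets):
    """Subnet a classful network the traditional way.

    Host bits are borrowed for network information, and the subnets whose
    borrowed bits are all 0s or all 1s are left out, as the text describes.
    """
    net = ipaddress.ip_network(classful_network)
    new_prefix = net.prefixlen + bits_to_borrow(wanted_subnets)
    if new_prefix > 30:
        raise ValueError("too few host bits left for usable host addresses")
    candidates = list(net.subnets(new_prefix=new_prefix))
    rows = []
    for number, sub in enumerate(candidates[1:-1], start=1):
        rows.append({
            "subnet": number,
            "mask": str(sub.netmask),
            "prefix": str(sub.network_address),        # extended network prefix
            "broadcast": str(sub.broadcast_address),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "hosts": sub.num_addresses - 2,            # minus network ID and broadcast
        })
    return rows


if __name__ == "__main__":
    rows = traditional_subnets("199.34.89.0/24", 6)
    print("subnet mask:", rows[0]["mask"])
    for r in rows:
        print(f'{r["subnet"]}  {r["prefix"]:<15} {r["broadcast"]:<15} '
              f'{r["first_host"]} through {r["last_host"]}')
    print("total usable hosts:", sum(r["hosts"] for r in rows))
```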
Class A, Class B,
and Class C networks can all be subnetted. But because each class reserves a
different number of bits for network information, each class has a different
number of host information bits that can be used for subnet information. The
number of hosts and subnets on your network will vary depending on your network
class and the way you use subnetting. Enumerating the dozens of subnet
possibilities based on different arrangements and network classes is beyond the
scope of this book. However, several Web sites provide excellent tools that
help you calculate subnet information. One such site is www.subnetmask.info. If
you use subnetting on your LAN, only your LAN’s devices need to interpret your
devices’ subnetting information. Routers external to your LAN, such as those on
the Internet, pay attention to only the network portion of your devices’ IP
addresses when transmitting data to them. As a result, devices external to a
subnetted LAN (such as routers on the Internet) can direct data to those LAN
devices without interpreting the LAN’s subnetting information.
Figure 9-4 on page 407 illustrates a situation in which a LAN running IPv4 has been granted
the Class C range of addresses that begin with 199.34.89. The network
administrator has subnetted this Class C network into six smaller networks with
the network IDs listed in Table 9-5. As you know, routers connect different
network segments via their physical interfaces. In the case of subnetting, a
router must interpret IP addresses from different subnets and direct data from one
subnet to another. Each subnet corresponds to a different port on the router. When
a router on the internal LAN needs to direct data from a machine with the IP
address of 199.34.89.73 to a machine with the IP address of 199.34.89.114, its
interpretation of the workstations’ subnet masks (255.255.255.224) plus the
host information in the IP addresses tell the router that they are on different
subnets.
The router forwards
data between the two subnets (or ports). In this figure, the devices connecting
subnets to the router are labeled switches, but they could also be routers or
access points. Alternatively, nodes having different extended network prefixes
could be directly connected to the router so that each subnet is associated
with only one device, though this is an unlikely configuration. When a server
on the Internet attempts to deliver a Web page to the machine with IP address
199.34.89.73, however, the Internet router does not use the subnet mask
information. It only knows that the machine is on a Class C network beginning
with a network ID of 199.34.89. That’s all the information it needs to reach
the organization’s router. After the data enters the organization’s LAN, the
LAN’s router then interprets the subnet mask information as if it were
transmitting data internally to deliver data to the machine with IP address
199.34.89.73. Because subnetting does not affect how a device is addressed by external
networks, a network administrator does not need to inform Internet authorities about
new segments created via subnetting. You have learned how to subdivide an IPv4
network into multiple smaller segments through subnetting. Next, you’ll learn
about more contemporary variations on this method.
CIDR (Classless Interdomain Routing)
By 1993, the Internet was growing exponentially, and the demand for IP
addresses was growing with it. The IETF (Internet Engineering Task Force)
recognized that additional measures were necessary to increase the availability
and flexibility of IP addresses. In response to this need, the IETF devised
CIDR (Classless Interdomain Routing), which is sometimes called classless
routing or supernetting. CIDR (pronounced cider) is not exclusive of
subnetting; it merely provides additional ways of arranging network and host
information in an IP address. In CIDR, conventional network class distinctions
do not exist. For example, the previous section described subdividing a Class C
network into six subnets of 30 addressable hosts each. To achieve this, the
subnet boundary (or length of the extended network prefix) was moved to the
right—from the default 24th bit to the 27th bit—into what used to be the host
information octet. In CIDR, a subnet boundary can move to the left. Moving the
subnet boundary to the left allows you to use more bits for host information and,
therefore, generate more usable IP addresses on your network.
A subnet created by
moving the subnet boundary to the left is known as a supernet. Figure 9-5 on
page 408 contrasts examples of a Class C supernet mask with a subnet mask. Notice
that in Figure 9-5, 27 bits are used for network information in the subnet
mask, whereas only 22 bits are used for network information in the supernet
mask. Suppose that you have leased the Class C range of IPv4 addresses that
shares the network ID 199.34.89.0 and, because of growth in your company, you need
to greatly increase the number of host addresses this network allows by
default. By changing the default subnet mask of 255.255.255.0 (11111111
11111111 11111111 00000000) to 255.255.252.0 (11111111 11111111 11111100
00000000), as shown in Figure 9-5, you can make available two extra bits for
host information. Adding the values of the last 10 bits, 512+256+128+64+32+16+8+4+2+1,
equals 1023, which leads to 1024 (0 through 1023) potential host addresses
on each subnet. However, as you know, two addresses are reserved and,
therefore, are unusable as host addresses. Thus, the actual number of host
addresses available on this subnet is 1022. In this example, you have
subtracted information from the host portion of the IP address. Therefore, the
IP addresses that result from this subnetting scheme will be different from the
IP addresses you would use if you had left the network ID untouched (as in the
subnetting example used in the previous section). The calculation for the new
network ID is shown in Figure 9-6 on page 409. For this sample subnetted Class
C network, the potential host addresses fall in the range of 199.34.88.1 to
199.34.91.254. The broadcast address is 199.34.91.255. With CIDR also came a
new shorthand for denoting the position of subnet boundaries, known as CIDR
notation (or slash notation). CIDR notation takes the form of the network ID
followed by a forward slash (/), followed by the number of bits that are used
for the extended network prefix. For example, for the Class C network whose
network ID is 199.34.89.0 and which was divided into six subnets, the slash
notation would be 199.34.89.0/27 because 27 bits of the subnets’ addresses are
used for the extended network prefix.
The CIDR notation
for the Class C network used as an example of supernetting earlier in this
section would be 199.34.89.0/22. In CIDR terminology, the forward slash, plus the
number of bits used for the extended network prefix—for example, /22—is known
as a CIDR block. To take advantage of classless routing, your network’s routers
must be able to interpret IP addresses that don’t adhere to conventional
network class parameters. Routers that rely on older routing protocols, such as
RIP, are not capable of interpreting classless IP addresses.
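The CIDR arithmetic in this section and the router decision described earlier for 199.34.89.73 and 199.34.89.114 can be checked with Python's standard ipaddress module. This is an added example, not part of the original chapter, and the function names are illustrative. It also shows a point worth knowing when writing ACLs or firewall rules: a block written with host bits set, such as 199.34.89.0/22, is rejected by strict parsers and normalizes to the ANDed network ID 199.34.88.0/22, which matches the host range given in the text.

```python
import ipaddress


def normalize_block(cidr):
    """Parse a CIDR string; report whether host bits had to be cleared."""
    try:
        return ipaddress.ip_network(cidr, strict=True), False
    except ValueError:
        # Either host bits are set or the string is malformed; the
        # non-strict parse below still raises for malformed input.
        return ipaddress.ip_network(cidr, strict=False), True


def describe_block(cidr):
    """Network ID, mask, broadcast and usable host range for an IPv4 block."""
    net, normalized = normalize_block(cidr)
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("expects an IPv4 block with a prefix of /30 or shorter")
    return {
        "block": str(net),
        "network_id": str(net.network_address),
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable_hosts": net.num_addresses - 2,
        "normalized": normalized,
    }


def same_segment(addr_a, addr_b, prefix_len):
    """True when both addresses share the same extended network prefix."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{prefix_len}").network
    net_b = ipaddress.ip_interface(f"{addr_b}/{prefix_len}").network
    return net_a == net_b


if __name__ == "__main__":
    for key, value in describe_block("199.34.89.0/22").items():
        print(f"{key:<13}{value}")
    # Internal router with the /27 mask: the two hosts are on different subnets.
    print(same_segment("199.34.89.73", "199.34.89.114", 27))
    # External router looking only at the /24 network portion: same network.
    print(same_segment("199.34.89.73", "199.34.89.114", 24))
```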
Subnetting in IPv6
In Chapter 4, you
learned that IPv6 addresses are composed of 128 bits, compared with IPv4’s
32-bit addresses. That means 2^128 addresses are available
in IPv6, compared with IPv4’s 2^32 available addresses. Given so many addresses, an ISP can
offer each of its customers an entire IPv6 subnet, or thousands of addresses,
rather than a handful of IPv4 addresses that must be shared among all the
company’s nodes. That’s only one example of how subnetting helps network
administrators manage the enormous volume of IPv6 addresses. Subnetting in IPv6
is simpler than subnetting in IPv4. One substantial difference is that unlike IPv4
addressing, IPv6 addressing does not use classes. There are no IPv6 equivalents
to IPv4’s Class A, Class B, or Class C networks. Every IPv6 address is classless.
Furthermore, subnet masks are not used in IPv6. Recall that a unicast address
is an address assigned to a single interface on the network. Also recall that
every unicast address can be represented in binary form, but is more commonly written
as eight blocks of four hexadecimal characters separated by colons.
For example, 2608:FE10:1:A:002:50FF:FE2B:E708
is a valid IPv6 address. In every unicast address, the last four blocks, which
equate to the last 64 bits, identify the interface. (On many IPv6 networks, those
64 bits are based on the interface’s EUI-64 MAC address.) The first four blocks
indicate the 64-bit subnet prefix, as shown in Figure 9-7 on page 410.
Interfaces that share a subnet prefix belong to the same subnet.
In the IPv6 address
2608:FE10:1:A:002:50FF:FE2B:E708, the
subnet prefix is 2608:FE10:1:A and the interface ID is 002:50FF:FE2B:E708. You
may see subnet prefixes represented as, for example, 2608:FE10:1:A::/64, where
the number of bits that identify a subnet follow a slash. However, technically
speaking, a subnet is always represented by the leftmost 64 bits in an address,
making the slash notation unnecessary. Given 64 bits for network information and
64 bits for interface information, a single IPv6 subnet is capable of supplying
18,446,744,073,709,551,616 IPv6 addresses. Besides subdividing IPv6 interfaces
according to subnet, IPv6 enables network administrators to more generally
group interfaces that belong to the same route by specifying a route prefix. Because
route prefixes vary in length, the slash notation is necessary when defining
them. For example, the route prefix indicated by 2608:FE10::/32 includes all
subnets whose prefixes begin with 2608:FE10 and, consequently, all interfaces
whose IP addresses begin with 2608:FE10. As shown in Figure 9-8 on page 411, a
national NSP might assign a regional ISP a block of addresses that share a
32-bit route prefix, such as 2608:FE10::/32. That regional ISP, in turn, might
assign a local ISP a block of addresses that share the same 48-bit route
prefix, such as 2608:FE10:1::/48. Finally, the local ISP could assign one of
its large business customers a subnet—that is, a block of IPv6 addresses that
share the same 64-bit subnet prefix, such as 2608:FE10:1:A::/64. Now that you
have learned how subnets are handled differently in IPv4 and IPv6 addressing, you
are ready to take a closer look at gateways, which play a critical role in all
networks.
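The IPv6 subnet prefix, interface ID and route prefix hierarchy described above, as an added example that is not part of the original chapter. It uses Python's standard ipaddress module with the chapter's sample address and prefixes; the function names are illustrative, and the 2608:FE11:1::/48 prefix in the second check is constructed to show a delegation that does not nest.

```python
import ipaddress


def split_unicast(address):
    """Split a unicast address into its 64-bit subnet prefix and interface ID."""
    iface = ipaddress.ip_interface(f"{address}/64")
    low64 = int(iface.ip) & ((1 << 64) - 1)
    hextets = [(low64 >> shift) & 0xFFFF for shift in (48, 32, 16, 0)]
    interface_id = ":".join(f"{h:x}" for h in hextets)
    return str(iface.network), interface_id


def delegation_is_consistent(chain):
    """Check a list of prefixes, widest first, for proper nesting.

    Each prefix must sit inside the previous one and be longer than it,
    as in the NSP -> regional ISP -> local ISP -> customer example.
    """
    nets = [ipaddress.ip_network(p) for p in chain]
    return all(
        child.subnet_of(parent) and child.prefixlen > parent.prefixlen
        for parent, child in zip(nets, nets[1:])
    )


def subnets_within(route_prefix, subnet_len=64):
    """How many subnets of length subnet_len fit inside a route prefix."""
    net = ipaddress.ip_network(route_prefix)
    if net.prefixlen > subnet_len:
        raise ValueError("route prefix is longer than the subnet prefix")
    return 2 ** (subnet_len - net.prefixlen)


def addresses_in_subnet(subnet_prefix):
    """Number of addresses a subnet prefix can supply."""
    return ipaddress.ip_network(subnet_prefix).num_addresses


if __name__ == "__main__":
    prefix, iid = split_unicast("2608:FE10:1:A:002:50FF:FE2B:E708")
    print("subnet prefix:", prefix)
    print("interface ID: ", iid)
    chain = ["2608:FE10::/32", "2608:FE10:1::/48", "2608:FE10:1:A::/64"]
    print("delegation nests correctly:", delegation_is_consistent(chain))
    # Constructed counter-example: the /48 is outside the /32.
    print(delegation_is_consistent(["2608:FE10::/32", "2608:FE11:1::/48"]))
    print("/64 subnets in the /48:", subnets_within("2608:FE10:1::/48"))
    print("addresses in one /64:", addresses_in_subnet("2608:FE10:1:A::/64"))
```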
Internet Gateways
As you have
learned, a gateway is a combination of software and hardware that enables two different
network segments to exchange data. A gateway facilitates communication between different
networks or subnets. Because one device on the network cannot send data
directly to a device on another subnet, a gateway must intercede and hand off
the information.
Every device on a
TCP/IP-based network has a default gateway—that is, the gateway that first
interprets its outbound requests to other subnets, and then interprets its
inbound requests from other subnets. A gateway is analogous to your local post
office, which gathers your outbound mail and decides where to forward it. It
also handles your inbound mail on its way to your mailbox. Just as a large city
has several local post offices, a large organization will have several gateways
to route traffic for different groups of devices. Each node on the network can
have only one default gateway; that gateway is assigned either manually or
automatically (in the latter case, through a service such as DHCP). Of course,
if your network includes only one segment and you do not connect to the
Internet, your devices would not need a default gateway because traffic would
not need to cross the network’s boundary. In many cases, a default gateway is
not a separate device, but rather a network interface on a router. For this
reason, you may hear the term default router used to refer to a default gateway.
By using a router’s network interfaces as gateways, one router can supply
multiple gateways. Each default gateway is assigned its own IP address. In
Figure 9-9 on page 412, workstation 10.3.105.23 (workstation A) uses the
10.3.105.1 gateway to process its requests, and workstation 10.3.102.75
(workstation B) uses the 10.3.102.1 gateway for the same purpose.
On a network
running IPv4, an Internet gateway is usually assigned an IP address that ends
with an octet of .1. Similarly, in IPv6, default gateway addresses usually end
in ::1.
Default gateways
may connect multiple internal networks, or they may connect an internal network
with external networks, such as WANs or the Internet. Routers that connect
multiple networks must maintain a routing table to determine where to forward
information. When a router is used as a gateway, it must maintain routing
tables as well. The Internet contains a vast number of routers and gateways. If
each gateway had to track addressing information for every other gateway on the
Internet, it would be overtaxed. Instead, each handles only a relatively small
amount of addressing information, which it uses to forward data to another gateway
that knows more about the data’s destination. Like routers on an internal
network, Internet gateways maintain default routes to known addresses to
expedite data transfer. The gateways that make up the Internet backbone are called
core gateways.
Address Translation
An organization’s
default gateway can also be used to “hide” the organization’s internal IP addresses
and keep them from being recognized on a public network. A public network is one
that any user may access with little or no restrictions. The most familiar
example of a public network is the Internet. A citywide kiosk system may also
be considered a public network. Conversely, a private network is a network
whose access is restricted to only clients or machines with proper credentials.
Virtually all business LANs and WANs are private networks. On private networks,
hiding IP addresses allows network managers more flexibility in assigning addresses.
Clients behind a gateway may use any IP addressing scheme, regardless of whether
it is recognized as legitimate by the Internet authorities. But as soon as
those clients need to connect to the Internet, they must have a legitimate IP
address to exchange data. When the client’s transmission reaches the default
gateway, the gateway opens the IP datagram and replaces the client’s private IP
address with an Internet-recognized IP address. This process is known as NAT
(Network Address Translation). A few types of NAT are available to network
administrators. Before learning how each works, though, it’s helpful to know
more about the reasons for address translation. One reason for using address
translation is to overcome the limitations of a low quantity of IPv4 addresses.
In the early days of the Internet, businesses could lease large blocks of IP
addresses, enough to assign a separate Internet-routable address to each device
and client on their WAN. However, as more hosts joined the Internet, the
scarcity of IPv4 addresses became a problem.
Today a small
business with 25 hosts, for example, might only be able to lease one IP address
from its ISP. Yet the business still needs to allow all its hosts access to
the Internet. With address translation, all 25 hosts can share a single
Internet-routable IP address. Another reason for using address translation is
to add a marginal amount of security to a private network when it is connected
to a public network. Because a transmission is assigned a new IP address each
time it reaches the public sphere, those outside an organization cannot trace
the origin of the transmission back to the specific network node that sent it.
However, the IP address assigned to a transmission by the gateway must be an
Internet-authorized IP address; thus, it can be traced back to the organization
that leased the address.
NAT is also possible
in IPv6. However, the problem that NAT is primarily designed to solve, a
scarcity of Internet routable addresses, is not a problem in IPv6. Thus, NAT is
unnecessary on networks that run only IPv6.
A third reason for
using address translation is to enable a network administrator to develop her
own network addressing scheme that does not conform to a scheme dictated by
ICANN. For example, suppose you are the network administrator for a private
elementary school. You maintain the school’s entire network, which, among other
things, includes 50 client workstations. Suppose half of these clients are used
by students in the classrooms or library and half are used expressly by staff.
To make your network management easier, you might decide to assign each workstation
an IPv4 address whose first octet begins with the number 10 and whose second
octet is the number of the classroom or office where the computer is located. For
example, the principal’s workstation, which is located in the administrative
cubicles in Room 135, might have an IP address of 10.135.1.10. A workstation
used by students in the classroom in Room 235 might be assigned an IP address
of 10.235.1.12. These IP addresses would be used strictly for communication
between devices on the school’s network. When staff or students wanted to
access the Internet, their workstations would need to have access to IP
addresses that are legitimate for use on the Internet. If you have leased at
least 50 Internet-valid IP addresses from your ISP, you can assign each client
a corresponding IP address for use on the Internet. For example, the student
workstation in room 235 with a private IP address of 10.235.1.12 might be
assigned an Internet-valid IP address of 168.11.124.110. The principal’s
workstation might be assigned an Internet-valid IP address of 168.11.124.113.
This type of address translation is known as SNAT (Static Network Address
Translation). It is considered static because each client is associated with
one private IP address and one public IP address that never changes. SNAT is
useful when operating a mail server, for example, whose address must remain the
same for clients to reach it at any time. Figure 9-10 on page 414 illustrates
SNAT. Now suppose that, because the school has limited funds and does not
require that all clients be connected to the Internet at all times, you decide
to lease only eight IP numbers from your ISP. You then configure your gateway
to translate the school’s private IP addresses to addresses that can be used on
the Internet. Each time a client attempts to reach the Internet, the gateway
would replace its source address field in the datagram with one of the eight
legitimate IP addresses. Because any Internet-valid IP address might be
assigned to any client’s outgoing transmission, this technique is known as DNAT
(Dynamic Network Address Translation). It may also be called IP masquerading. You
might wonder how an Internet host can respond to a client on a private network
using DNAT, if all the clients on that network share a small pool of addresses.
For example, when a student at the elementary school opens a browser and
requests the Library of Congress Web page, how will the Web server know which
student workstation should receive the response? In fact, to accomplish DNAT, a
gateway performs PAT (Port Address Translation). With PAT, each client session
with a server on the Internet is assigned a separate TCP port number. When the
client issues a request to the server, its datagram’s source address includes
this port number.
When the Internet
server responds, its datagram’s destination address includes the same port number.
This allows the gateway to send the response to the appropriate client. PAT is
the most common type of address translation used on small office and home
networks. Figure 9-11 on page 415 illustrates the use of PAT where one
Internet-recognized IP address is shared by four clients. You have learned that
NAT separates private and public transmissions on a TCP/IP network. Further,
you have learned that gateways conduct the network translation. On most
networks, this refers to a router acting as a gateway. However, the gateway
might instead operate on a network host. For example, on Windows operating
systems, ICS (Internet Connection Sharing) can be used to translate network
addresses and allow clients to share an Internet connection.
Using ICS, a computer with Internet access, called the ICS host, is configured
to translate requests to and from the Internet on behalf of other computers on
the network. To do this, it acts as a DHCP server, DNS resolver, and NAT
gateway for clients on its LAN.
The ICS host
requires two network connections: one that connects to the Internet, which could
be dial-up, DSL, ISDN, or broadband cable, and one that connects to the LAN. If
the network uses a dial-up connection to the Internet, the ICS host connects to
the Internet on demand—that is, when other computers on the network issue a
request to the Internet. When ICS is enabled on a LAN, the network adapter on
the ICS host that connects to the LAN is assigned an IP address of 192.168.0.1.
Clients on the small office or home office LAN must be set up to obtain IP
addresses automatically. The ICS host then assigns clients IP addresses in the
range of 192.168.0.2 through 192.168.0.254. If you are already using this range
of addresses on your network (for example, in a NAT scheme), you might
experience problems establishing or using ICS. When designing a network to
share an Internet connection, most network administrators prefer using a router
or switch rather than ICS because ICS typically requires more configuration. It
also requires the ICS host to be available whenever other computers need Internet
access. However, in the unlikely event that a router or switch is not
available, ICS is an adequate alternative for sharing an Internet connection
among multiple clients.
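The PAT behaviour described in this section, as an added Python sketch (not from the textbook): a gateway table that rewrites outbound source endpoints and maps replies back, dropping inbound datagrams that match no session. The public address and the two workstation addresses come from the school example; the 203.0.113.10 and 198.51.100.7 hosts, the 50000-50003 port pool, and the rule that a reply must come from the server the client contacted are assumptions.

```python
"""Sketch of the translation table a PAT gateway keeps (added example)."""
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]                     # (IP address, TCP port)
Session = Tuple[Endpoint, Endpoint]            # (private client, Internet server)


class PatGateway:
    def __init__(self, public_ip: str, ports: range = range(50000, 50004)):
        self.public_ip = public_ip
        self.ports = ports                     # assumed pool, kept tiny on purpose
        self.by_session: Dict[Session, int] = {}
        self.by_port: Dict[int, Session] = {}

    def outbound(self, client: Endpoint, server: Endpoint) -> Endpoint:
        """Return the public source endpoint that replaces the private one."""
        session = (client, server)
        port = self.by_session.get(session)
        if port is None:
            # New session: take the first public port not already in use.
            port = next((p for p in self.ports if p not in self.by_port), None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")
            self.by_session[session] = port
            self.by_port[port] = session
        return (self.public_ip, port)

    def inbound(self, server: Endpoint, dest: Endpoint) -> Optional[Endpoint]:
        """Return the private client a datagram belongs to, or None to drop it."""
        if dest[0] != self.public_ip:
            return None
        session = self.by_port.get(dest[1])
        if session is None:
            return None                        # no client opened this port
        client, expected_server = session
        if server != expected_server:
            return None                        # port is open, but for another server
        return client

    def close(self, client: Endpoint, server: Endpoint) -> None:
        """Forget a finished session so its public port can be reused."""
        port = self.by_session.pop((client, server), None)
        if port is not None:
            del self.by_port[port]


if __name__ == "__main__":
    gw = PatGateway("168.11.124.110")
    web = ("203.0.113.10", 80)                 # constructed Internet server
    student = gw.outbound(("10.235.1.12", 49152), web)
    principal = gw.outbound(("10.135.1.10", 49152), web)
    print("student leaves as  ", student)
    print("principal leaves as", principal)
    print("reply to student ->", gw.inbound(web, student))
    print("unsolicited      ->", gw.inbound(("198.51.100.7", 4444), student))
```

Both clients use the same private source port, yet the gateway can tell their replies apart because each session received its own public port.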
TCP/IP Mail Services
As a network
administrator, you will need to understand how mail services work so that you can
set up and support mail clients or install and configure a mail server. All
Internet mail services rely on the same principles of mail delivery, storage,
and pickup, though they may use different types of software to accomplish these
functions. You have learned that mail servers communicate with other mail
servers to deliver messages across the Internet. They send, receive, and store
messages. They may also filter messages according to content, route messages
according to configurable conditions such as timing or priority, and make
available different types of interfaces for different mail clients. The most
popular mail server programs are Sendmail and Microsoft Exchange Server. Mail
clients send messages to and retrieve messages from mail servers. They may also
provide ways of organizing messages (using folders or mailboxes), filter
messages according to content or sender information, set message priority, create
and use distribution lists, send file attachments, and interpret graphic and
HTML content. Hundreds of different types of mail clients exist. Examples of
popular mail client software include Thunderbird and Microsoft Outlook. Other
mail services, such as Gmail, are Web-based. In that case, the e-mail servers
and clients communicate through special TCP/IP Application layer protocols.
These protocols, all of which operate on Macintosh, Windows, UNIX, and Linux
systems, are discussed in the following sections.
SMTP (Simple Mail Transfer Protocol)
SMTP (Simple Mail
Transfer Protocol) is the protocol responsible for moving messages from one
mail server to another over TCP/IP-based networks. SMTP belongs to the
Application layer of the OSI model and relies on TCP at the Transport layer. It
operates from port 25. (That is, requests to receive mail and send mail go
through port 25 on the SMTP server.) SMTP, which provides the basis for
Internet e-mail service, relies on higher-level programs for its instructions.
Although SMTP comes with a set of human-readable (text) commands that you could
conceivably use to transport mail from machine to machine, this method would be
laborious, slow, and prone to error. Instead, other services, such as the
Sendmail software for UNIX and Linux systems, provide more friendly and
sophisticated mail interfaces that rely on SMTP as their means of transport. SMTP
is a simple subprotocol, incapable of doing anything more than transporting
mail or holding it in a queue. In the post office analogy of data
communications, SMTP is like the mail carrier who picks up his day’s mail load
at the post office and delivers it to the homes on his route. The mail carrier
does not worry about where the mail is stored overnight or how it gets from
another city’s post office to his post office. If a piece of mail is
undeliverable, he simply holds onto it; the mail carrier does not attempt to
figure out what went wrong. In Internet e-mail transmission, higher-level mail
protocols such as POP and IMAP, which are discussed later in this chapter, take
care of these functions. When you configure clients to use e-mail, you need to
identify the user’s SMTP server. (Sometimes, this server is called the mail
server.) Each e-mail program specifies this setting in a different place.
Assuming that your client uses DNS, you do not have to identify the IP address
of the SMTP server—only the name. For example, if a user’s e-mail address is
jdoe@usmail.com, his SMTP server is probably called “usmail.com.” You do not
have to specify the
TCP/IP port number used by SMTP because both the client workstation and the server
assume that SMTP requests and responses flow through port 25.
MIME (Multipurpose Internet Mail Extensions)
The standard
message format specified by SMTP allows for lines that contain no more than 1000
ASCII characters. That means if you relied solely on SMTP, you couldn’t include
pictures or even formatted text in an e-mail message. SMTP sufficed for mail
transmissions in the early days of the Internet. However, its limitations
prompted IEEE to release MIME (Multipurpose Internet Mail Extensions) in 1992.
MIME is a standard for encoding and interpreting binary files, images, video,
and non-ASCII character sets within an e-mail message. MIME identifies each
element of a mail message according to content type. Some content types are
text, graphics, audio, video, and multipart. The multipart content type indicates
that a message contains more than one type of data, for example, some of the message’s
content is formatted as text, some as a binary file, and some as a graphics
file. MIME does not replace SMTP, but works in conjunction with it. It encodes
different content types so that SMTP is fooled into thinking it is transporting
an ASCII message stream. Most modern e-mail clients and servers support MIME.
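An added Python example (not from the textbook) of the encoding this section describes: a binary attachment is wrapped as a multipart MIME message, the bytes handed to SMTP are checked to be ASCII within the 1000-character line limit, and the parts are decoded again the way a content filter must before it can inspect them. The payload, the recipient address and the file name are constructed.

```python
"""MIME encoding as SMTP sees it, and what a content filter must undo."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import List, Tuple

SMTP_LINE_LIMIT = 1000   # characters per line, CRLF included (limit cited in the text)

# Constructed binary payload: PNG magic bytes followed by every byte value.
SAMPLE_ATTACHMENT = b"\x89PNG\r\n\x1a\n" + bytes(range(256)) * 8


def build_message(attachment: bytes) -> bytes:
    """Return the message exactly as it would be handed to SMTP."""
    msg = EmailMessage()
    msg["From"] = "jdoe@usmail.com"
    msg["To"] = "helpdesk@example.org"          # constructed recipient
    msg["Subject"] = "Scan attached"
    msg.set_content("The scan is attached.\n")  # becomes the text/plain part
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename="scan.bin")
    return msg.as_bytes(policy=policy.SMTP)     # CRLF line endings


def longest_line(wire: bytes) -> int:
    """Length of the longest line on the wire, counting its CRLF."""
    return max(len(line) + 2 for line in wire.splitlines())


def decode_parts(wire: bytes) -> List[Tuple[str, str, bytes]]:
    """Return (content type, file name, decoded body) for every leaf part."""
    msg = BytesParser(policy=policy.default).parsebytes(wire)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue                            # container, no body of its own
        body = part.get_payload(decode=True)    # undoes base64/quoted-printable
        parts.append((part.get_content_type(), part.get_filename() or "", body))
    return parts


def signature_hits(wire: bytes, signature: bytes) -> Tuple[bool, bool]:
    """Is the byte signature visible in the raw stream / in the decoded parts?"""
    in_raw = signature in wire
    in_decoded = any(signature in body for _, _, body in decode_parts(wire))
    return in_raw, in_decoded


if __name__ == "__main__":
    wire = build_message(SAMPLE_ATTACHMENT)
    print("ASCII only:", wire.isascii(), "longest line:", longest_line(wire))
    for ctype, name, body in decode_parts(wire):
        print(ctype, name or "-", len(body), "bytes")
    print("PNG magic (raw, decoded):", signature_hits(wire, b"\x89PNG"))
```

A filter that matches byte patterns against the raw SMTP stream never sees the attachment's real bytes; it has to decode each part first.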
POP (Post Office Protocol)
POP (Post Office
Protocol) is an Application layer protocol used to retrieve messages from a mail
server. The most current and commonly used version of the POP protocol is POP3
(Post Office Protocol, version 3), which relies on TCP and operates over port
110. With POP3, mail is delivered and stored on a mail server until a user
connects—via an e-mail client—to the server to retrieve his messages. As the
user retrieves his messages, the messages are downloaded to his workstation.
After they are downloaded, the messages are typically deleted from the mail
server. You can think of POP3 as a store-and-forward type of service. Mail is stored
on the POP3 server and forwarded to the client on demand. One advantage to
using POP3 is that it minimizes the use of server resources because mail is
deleted from the server after retrieval.
Another advantage is
that virtually all mail server and client applications support POP3. However,
the fact that POP3 downloads messages rather than keeping them on the server
can be a drawback for some users. POP3’s design makes it best suited to users
who retrieve their mail from the same workstation all the time. Users who move
from machine to machine are at a disadvantage because POP3 does not normally
allow users to keep the mail on the server after they retrieve it. Thus, the mail
is not accessible from other workstations. For example, suppose a consultant
begins his day at his company’s office and retrieves his e-mail on the
workstation at his desk. Then, he spends the rest of the day at a client’s
office, where he retrieves messages on his laptop. When he comes home, he
checks his e-mail from his home computer. Using POP3, his messages would be
stored on three different computers. A few options exist for circumventing this
problem (such as downloading messages from the mail server to a file server on
a LAN), but a more thorough solution has been provided by a new, more
sophisticated e-mail protocol called IMAP, described next.
IMAP (Internet Message Access Protocol)
IMAP (Internet
Message Access Protocol) is a mail retrieval protocol that was developed as a more
sophisticated alternative to POP3. The most current version of IMAP is version
4, or IMAP4. IMAP4 can replace POP3 without the user having to change e-mail
programs. The single biggest advantage IMAP4 has over POP3 is that users can
store messages on the mail server, rather than always having to download them
to a local machine. This feature benefits users who may check mail from
different workstations. In addition, IMAP4 provides the following features:
· Users can retrieve all or only a portion of any mail message—The remainder
can be left on the mail server. This feature benefits users who move from
machine to machine and users who have slow connections to the network or
minimal free hard drive space.
· Users can review their messages and delete them while the messages remain on
the server—This feature preserves network bandwidth, especially when the
messages are long or contain attached files, because the data need not travel
over the wire from the server to the client’s workstation. For users with a
slow modem connection, deleting messages without having to download them
represents a major advantage over POP3.
· Users can create sophisticated methods of organizing messages on the
server—A user might, for example, build a system of folders to contain messages
with similar content. Also, a user might search through all of the messages for
only those that contain one particular keyword or subject line.
· Users can share a mailbox in a central location—For example, if several
maintenance personnel who use different workstations need to receive the same
messages from the Facilities Department head but do not need e-mail for any
other purpose, they can all log on with the same ID and share the same mailbox
on the server. If POP3 were used in this situation, only one maintenance staff
member could read the message; she would then have to forward or copy it to her
colleagues.
Although IMAP4
provides significant advantages over POP3, it also comes with a few disadvantages.
For instance, IMAP4 servers require more storage space and usually more processing
resources than POP servers do. By extension, network managers must keep a closer
watch on IMAP4 servers to ensure that users are not consuming more than their
fair share of space on the server. In addition, if the IMAP4 server fails,
users cannot access the mail left there. IMAP4 does allow users to download
messages to their own workstations, however.
Now that you have
learned more about e-mail, you are ready to learn about utilities that will help
you analyze TCP/IP-based networks.
Additional TCP/IP Utilities
As with any type of
communication, many potential points of failure exist in the TCP/IP transmission
process, and these points increase with the size of the network and the
distance of the transmission. Fortunately, TCP/IP comes with a complete set of
utilities that can help you track down most TCP/IP-related problems without
using expensive software or hardware to analyze network traffic. You should be
familiar with the use of the following tools and their switches, not only
because the Network+ certification exam covers them, but also because you will
regularly need these diagnostics in your work with TCP/IP networks. Each of the
tools described in this section works with systems running IPv4 or IPv6. In
Chapter 4, you learned about three very important TCP/IP utilities—Telnet, ARP,
and ping. The following sections present additional TCP/IP utilities that can
help you discover information about your node and network. Later, in the
Hands-On Projects at the end of this chapter, you’ll have an opportunity to try
some of these utilities. Nearly all TCP/IP utilities can be accessed from the
command prompt on any type of server or client running TCP/IP. However, the
syntax of these commands may differ, depending on your client’s operating
system. For example, the default command that traces the path of packets from
one host to another is known as traceroute in UNIX, as tracepath in some modern
versions of Linux, and as tracert in the Windows operating systems. Similarly,
the options used with each command
may differ according to the operating system. For example, when working on a
UNIX or Linux system, you can limit the maximum number of router hops the
traceroute command allows by using the -m switch. On a Windows-based system, the
-h switch accomplishes the same thing. The following sections cover the proper
command syntax for Windows, UNIX, and Linux systems.
Ipconfig
Earlier in this
book, you used the ipconfig utility to determine the TCP/IP configuration of a Windows
7 workstation. Ipconfig is the TCP/IP administration utility for use with
Windows operating systems. If you work with these operating systems, you will
frequently use this tool to view a computer’s TCP/IP settings. Ipconfig is a
command-line utility that provides information about a network adapter’s IP
address, subnet mask, and default gateway. To use the ipconfig utility from a
Windows workstation, for example, click the Start button, point to All
Programs, click Accessories, and then click Command Prompt to open the Command
Prompt window. At the command prompt, type ipconfig and press Enter. You should
see TCP/IP information for your computer, similar to the output shown in Figure
9-12 on page 419. (Actual output will vary depending on the number and type of
interfaces on your computer and the type of network to which it’s attached.) In
addition to being used alone to list information about the TCP/IP configuration,
the ipconfig utility can be used with switches to manage a computer’s TCP/IP settings.
For example, if you wanted to view complete information about your TCP/IP
settings, including your MAC address, subnet mask, when your DHCP lease
expires, and so on, you could type: ipconfig /all. Note that the syntax of this
command differs slightly from other TCP/IP utilities. With ipconfig, a forward
slash (/) precedes the command switches, rather than a hyphen. The following
list describes some popular switches that can be used with the ipconfig
command:
· /?—Displays a list of switches available for use with the ipconfig command
· /all—Displays complete TCP/IP configuration information for each network
interface on that device
· /release—Releases DHCP-assigned addresses for all of the device’s network
interfaces
· /renew—Renews DHCP-assigned addresses for all of the device’s network
interfaces
When using the ipconfig
command, you must be logged in as an administrator to change your workstation’s
IP configuration.
Ifconfig
Chapter 4 also
introduced you to the ifconfig utility, which is the TCP/IP configuration and management
utility used on UNIX and Linux systems. As with ipconfig on Windows systems,
ifconfig enables you to modify TCP/IP settings for a network interface, release
and renew DHCP-assigned addresses, or simply check the status of your machine’s
TCP/IP settings. Ifconfig is also a utility that runs when a UNIX or Linux
system starts, to establish the TCP/IP configuration for that computer. Similar
to the TCP/IP configuration utilities used with other operating systems,
ifconfig can be used alone or with switches to reveal more customized
information. For example, if you want to view the TCP/IP information associated
with every interface on a device, you could type: ifconfig -a. The output would resemble the output shown in Figure
9-13 on page 421. Notice that the syntax of the ifconfig command uses a hyphen
( - ) before some of the switches and no preceding character for other
switches. The following list describes some of the popular switches you can use
with ifconfig. To view a complete list of options, read the ifconfig man pages.
· -a—Applies the command to all interfaces on a device; can be used with other
switches
· down—Marks the interface as unavailable to the network
· up—Reinitializes the interface after it has been taken “down,” so that it is
once again available to the network
Other ifconfig
switches, such as those that apply to DHCP settings, vary according to the type
and version of the UNIX or Linux system you use.
Netstat
The netstat utility
displays TCP/IP statistics and details about TCP/IP components and connections on
a host. Information that can be obtained from the netstat command includes the
port on which a particular TCP/IP service is running, regardless of whether a
remote node is logged on to a host; which network connections are currently established
for a client; how many packets have been handled by a network interface since
it was activated; and how many data errors have occurred on a particular
network interface. As you can imagine, with so much information available, the
netstat utility makes a powerful diagnostic tool. For example, suppose you are
a network administrator in charge of maintaining file, print, Web, and Internet
servers for an organization. You discover that your Web server, which has
multiple processors, sufficient hard disk space, and multiple NICs, is suddenly
taking twice as long to respond to HTTP requests. Of course, you would want to
check the server’s memory resources as well as its Web server software to
determine that nothing is wrong with either of those. In addition, you can use
the netstat utility to determine the characteristics of the traffic going into
and out of each NIC. You may discover that one network card is consistently
handling 80 percent of the traffic, even though you had configured the server
to share traffic equally among the two. This fact may lead you to run hardware
diagnostics on the NIC, and perhaps discover that its on-board processor has
failed, making it much slower than the other NIC. Netstat provides a quick way to
view traffic statistics, without having to run a more complex traffic analysis
program, such as Wireshark.
If you use the netstat command without any switches, it will display a list of
all the active TCP/IP connections on your machine, including the Transport
layer protocol used (UDP or TCP), packets sent and received, IP address, and
state of those connections. However, like other TCP/IP commands, netstat can be
used with a number of different switches. A netstat command begins with the
word netstat followed by a space, then a hyphen and a switch, followed by a
variable pertaining to that switch, if required. For example, netstat -a
displays all current TCP and UDP connections from the issuing device to other
devices on the network, as well as the source and destination service ports.
The netstat -r command allows you to display the routing table on a given
machine.
The following list
describes some of the most common switches used with the netstat utility:
· -a—Provides a list of all available TCP and UDP connections, even if they are
simply listening and not currently exchanging data
· -e—Displays details about all the packets that have been sent over a network
interface
· -n—Lists currently connected hosts according to their port and IP address (in
numerical form)
· -p—Allows you to specify what type of protocol statistics to list; this
switch must be followed by a protocol specification (TCP or UDP)
· -r—Provides a list of routing table information
· -s—Provides statistics about each packet transmitted by a host, separated
according to protocol type (IP, TCP, UDP, or ICMP)
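Because netstat -a also lists sockets that are only listening, its output can be audited against the services a server is supposed to offer. The following added Python example (not from the textbook) parses netstat -an text in either the Windows or the Linux column layout and reports listeners that are not on an allowlist; both sample outputs, their addresses and the allowlist for a Web server are constructed.

```python
"""Audit listening sockets from `netstat -an` text (Windows or Linux layout)."""
from typing import List, NamedTuple, Set, Tuple


class Socket(NamedTuple):
    proto: str      # "tcp" or "udp" (tcp6/udp6 are folded into these)
    address: str    # local address as printed, without the port
    port: int       # local port
    state: str      # "" for UDP sockets, which carry no connection state


# Constructed sample output, Windows layout.
SAMPLE_WINDOWS = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.0.2.20:443         203.0.113.10:51514     ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
"""

# Constructed sample output, Linux layout (extra Recv-Q and Send-Q columns).
SAMPLE_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.20:22           203.0.113.10:40122      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""


def parse_netstat(text: str) -> List[Socket]:
    sockets = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[0].lower().rstrip("6") not in ("tcp", "udp"):
            continue                          # banner, header or blank line
        proto = cols[0].lower().rstrip("6")
        # Linux prints two numeric queue columns before the addresses.
        if len(cols) >= 5 and cols[1].isdigit() and cols[2].isdigit():
            cols = [cols[0]] + cols[3:]
        state = cols[3].upper() if len(cols) > 3 else ""
        address, _, port = cols[1].rpartition(":")
        if not port.isdigit():
            continue                          # wildcard port, nothing to audit
        sockets.append(Socket(proto, address, int(port), state))
    return sockets


def listeners(sockets: List[Socket]) -> Set[Tuple[str, int]]:
    """(protocol, port) pairs that accept traffic without an existing session."""
    found = set()
    for s in sockets:
        if s.proto == "tcp" and s.state in ("LISTEN", "LISTENING"):
            found.add((s.proto, s.port))
        elif s.proto == "udp" and s.state == "":
            found.add((s.proto, s.port))      # bound UDP socket
    return found


def unexpected_listeners(text: str, allowed: Set[Tuple[str, int]]):
    return sorted(listeners(parse_netstat(text)) - allowed)


if __name__ == "__main__":
    web_server = {("tcp", 80), ("tcp", 443)}  # constructed allowlist
    print(unexpected_listeners(SAMPLE_WINDOWS, web_server))
    print(unexpected_listeners(SAMPLE_LINUX, web_server))
```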
Nbtstat
NetBIOS is a
protocol that runs in the Session and Transport layers of the OSI model and
associates NetBIOS names with workstations. NetBIOS alone is not routable
because it does not contain Network layer information. However, when
encapsulated in another protocol such as TCP/IP, it can be routed. On networks
that run NetBIOS over TCP/IP, the nbtstat utility can provide information about
NetBIOS statistics and resolve NetBIOS names to their IP addresses. In other words,
if you know the NetBIOS name of a workstation, you can use nbtstat to determine
its IP address. Nbtstat is useful only on networks that run Windows-based
operating systems and NetBIOS. UNIX and Linux systems do not use NetBIOS, so
nbtstat is not useful on these computers. Since most networks run pure TCP/IP
(and not NetBIOS over TCP/IP), nbtstat has limited use as a TCP/IP diagnostic
utility. As with netstat, nbtstat offers a variety of switches that you can use
to tailor the output of the command.
For example, you can type nbtstat -A ip_address to determine what machine is
registered to a given IP address. The following list
details popular switches used with the nbtstat command. Notice that they are
case sensitive; the -a switch has a different meaning than the -A switch.
· -a—Displays a machine’s name table given its NetBIOS name; the name of the
machine must be supplied after the -a switch
· -A—Displays a machine’s name table given its IP address; the IP address of
the machine must be supplied after the -A switch
· -r—Lists statistics about names that have been resolved to IP addresses by
broadcast and by WINS; this switch is useful for determining whether a
workstation is resolving names properly or for determining whether WINS is
operating correctly
· -s—Displays a list of all the current NetBIOS sessions for a machine; when
used with this switch, the nbtstat command attempts to resolve IP addresses to
NetBIOS names in the listing; if the machine has no current NetBIOS
connections, the result of this command will indicate that fact.
Figure 9-14 on page 422 illustrates the output of a netstat -a command.
Hostname, Host, and Nslookup
In Chapter 4, you
learned that each client on a network is identified by a host name. If you aren’t
sure what host name has been assigned to a client, you can discover it by using
the hostname utility. At the command prompt of a computer running a Windows,
UNIX, or Linux operating system, type hostname and then press Enter. The
utility responds with the client’s host name.
If you have
administrator privileges on a client, you may also use the hostname utility to
change its host name as follows: type hostname new_hostname, where
new_hostname is the name you want to assign to the host, and then press Enter.
If you already know a host’s name and want to learn its IP address, you can use
the host utility. When used without any switches, host simply returns either
the IP address of a host if its host name is specified or its host name if its
IP address is specified. For example, on a Linux workstation, you can type
/usr/bin/host www.cengage.com and press Enter to discover the IP address
associated with the host whose name is www.cengage.com. Or, you could type
/usr/bin/host 69.32.133.79 and press Enter to discover that the host name
associated with this IP address is www.cengage.com. The host command comes with
Linux and UNIX distributions. If your computer uses a Windows operating system,
you’ll need to download a third-party version of host. A utility that is
similar to host but has more flexibility is nslookup. Nslookup
allows you to query the DNS database from any computer on the network and find
the host name of a device by specifying its IP address, or vice versa. This
ability is useful for verifying that a host is configured correctly or for
troubleshooting DNS resolution problems.
For example, if you wanted to find out whether the host whose name is
www.cengage.com is operational, you could type: nslookup www.cengage.com and
press Enter. Figure 9-15 on page 424 shows the result of running a simple
nslookup command at a Linux shell prompt. Notice that the command provides not
only the host’s IP address, but also the primary DNS server name and address
that holds the record for this name. To find the host name of a device whose IP
address you know, type: nslookup ip_address and press Enter. In this case, the
response would include not only the host name for that device, but also its IP
address and the IP address and host name of its primary DNS server. Nslookup
can reveal much more than just the IP address or host name of a device. Typing
just nslookup (without any switches), and then pressing Enter starts the
nslookup utility, and the command prompt changes to a >. You can then use
additional commands to find out more about the contents of the DNS database.
For example, on a computer running UNIX you could view a list of all the host
name and IP address correlations on a particular DNS server by typing ls. Or
you could specify five seconds as the period to wait for a response by typing
timeout=5. (The default is 10 seconds.) Many other nslookup options exist. On a
UNIX or Linux system, you can find the complete list of the nslookup options in
the nslookup man pages. On a Windows-based system, you can view them by typing
nslookup ? at the command prompt. To exit the nslookup utility and return to
the normal command prompt, type exit.
Dig
A TCP/IP utility
similar to nslookup is dig, which stands for domain information groper. As with
nslookup, dig allows you to query a DNS database and find the host name
associated with a specific IP address or vice versa. Also similar to nslookup,
dig is useful for helping network administrators diagnose DNS problems.
However, both in its simplest form and when used with one or more of its
multiple switches, the dig utility can provide more detailed information than nslookup.
An example of a simple dig command is dig
www.cengage.com, the output of which is shown in Figure 9-16 on page 425.
Compare this output to the simple nslookup command output shown in Figure 9-15.
Whereas the simple nslookup command returned the IP address for the host name,
the simple dig command returned specifics about the resource records associated
with the host name www.cengage.com. The domain name is in the first column, followed
by the record’s Time to Live, then its type code (for example, A for an address
record or MX for a mail record), and finally, a data field indicating the IP
address or other domain name with which the primary domain name is associated.
A summary of this particular query, including the time it took for the dig
command to return the data, is shown at the bottom of the output.
The dig utility
comes with over two dozen switches, making it much more flexible than nslookup.
For example, in a dig command you can specify the DNS server to query and the type
of DNS record(s) for which you want to search, a timeout period for the query,
a port (other than the default port 53) on the DNS server to query, and many
other options. Look for the complete list of dig command switches and the
syntax needed to use each in the dig man pages. The dig utility is included
with UNIX and Linux operating systems. If your computer runs a Windows-based
operating system, however, you must obtain the code for the dig utility from a
third party and install it on your system.
Traceroute (Tracert)
Suppose you work in
technical support for a large company and one afternoon you receive calls from
several employees complaining about slow Internet connections. With only that knowledge,
you can’t say whether the problem lies with your company’s LAN (for example, a
workgroup or backbone switch or router), default gateway, WAN connection, your
service provider’s CO, or a major ISP. However, simply by using one of the
commands listed in this section, you can better assess where network
performance is degraded. The traceroute utility (known as tracert on
Windows-based systems and tracepath on some Linux systems) uses ICMP ECHO
requests to trace the path from one networked node to another, identifying all
intermediate hops between the two nodes. To find the route, the traceroute
utility transmits a series of UDP datagrams to a specified destination, using
either the IP address or the host name to identify the destination. The first
three datagrams that traceroute transmits have their TTL (Time to Live) set to
1. Because the TTL determines how many more network hops a datagram can make,
datagrams with a TTL of 1 expire as they hit the first router. When they
expire, they are returned to the source—in this case, the node that began the
traceroute. In this way, traceroute obtains the identity of the first router. After
it learns about the first router in the path, traceroute transmits a series of
datagrams with a TTL of 2. The process continues for the next router in the
path, and then the third, fourth, and so on, until the destination node is
reached. Traceroute also returns the amount of time it took for the datagrams
to reach each router in the path. A traceroute test might stop before reaching
the destination, however. This happens for one of two reasons: Either the
device that traceroute is attempting to reach is down, or it does not accept ICMP
transmissions. The latter is usually the case with firewalls. Therefore, if you
are trying to trace a route to a host situated behind a firewall, your efforts
will be thwarted. (Because ping uses ICMP transmissions, the same limitations
exist for that utility.) Furthermore, traceroute cannot detect router
configuration problems or detect whether a router uses different send and receive
interfaces. In addition, routers might not decrement the TTL value correctly at
each stop in the path. Therefore, traceroute is best used on a network with
which you are already familiar. If you are reasonably certain that devices in
the path between your host and a destination host do not block ICMP
transmissions, traceroute can help you diagnose network congestion or network failures.
You can then use your judgment and experience to compare the actual test
results with what you anticipate the results should be. The simplest form of
the traceroute command (on a UNIX or Linux system) is traceroute ip_address or traceroute
host_name. On some versions of Linux, it’s tracepath ip_address or tracepath
host_name. On computers that use a Windows-based operating system, the
proper syntax is tracert ip_address
or tracert host_name. When run on a
UNIX system, the command will return a list as shown in Figure 9-17 on page 426.
Tracert and tracepath output looks virtually identical. As with other TCP/IP commands, traceroute has a number of switches that may be used with the command. The command begins with either traceroute, tracert, or tracepath (depending on the operating system your computer uses), followed by a hyphen, a switch, and a variable pertaining to a particular switch, if required. For example, on a Windows-based system, tracert -4 forces the utility to use only IPv4 transmission.
The following list describes some of the popular tracert switches:
· -d—Instructs the tracert command not to resolve IP addresses to host names
· -h—Specifies the maximum number of hops the packets should take when attempting to reach a host (the default is 30); this switch must be followed by a specific number of hops (for example, tracert -h 12 would indicate a maximum of 12 hops)
· -w—Identifies a timeout period for responses; this switch must be followed by a variable to indicate the number of milliseconds the utility should wait for a response
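The TTL mechanism described in this section, as an added Python simulation that is not part of the textbook: each constructed hop decrements the TTL, an expired probe is answered by the router where it expired, and the trace either completes or runs out of hops. The hop names, the documentation addresses, and the `replies` and `blocks` flags are assumptions made for the example; it goes slightly beyond the text by separating a router that merely stays silent from a firewall that drops probes.

```python
"""Offline simulation of TTL-based hop discovery (added example, constructed data)."""
from dataclasses import dataclass


@dataclass
class Hop:
    name: str
    address: str           # constructed documentation addresses (RFC 5737)
    replies: bool = True   # assumption: False = forwards traffic but never answers probes
    blocks: bool = False   # assumption: True = drops probes outright (firewall)


def send_probe(path, ttl):
    """Send one probe with the given starting TTL along `path`.

    Returns (address, kind): kind is 'expired' when a router reported the
    TTL running out, 'reached' when the destination answered, and
    (None, 'timeout') when nothing came back to the source.
    """
    for index, hop in enumerate(path):
        ttl -= 1                                  # every hop decrements the TTL
        if hop.blocks:
            return None, "timeout"                # dropped here; nothing beyond is visible
        if index == len(path) - 1:                # probe arrived at the destination
            return (hop.address, "reached") if hop.replies else (None, "timeout")
        if ttl == 0:                              # probe expired at this router
            return (hop.address, "expired") if hop.replies else (None, "timeout")
    return None, "timeout"


def traceroute(path, max_hops=30, probes_per_hop=3):
    """Raise the TTL one hop at a time, three probes per TTL as in the text.

    Returns (rows, status); each row is (ttl, address or '*').
    """
    rows = []
    for ttl in range(1, max_hops + 1):
        answers = [send_probe(path, ttl) for _ in range(probes_per_hop)]
        address, kind = answers[0]                # the simulation is deterministic
        rows.append((ttl, address or "*"))
        if kind == "reached":
            return rows, "destination reached"
    return rows, "gave up after %d hops" % max_hops


# Constructed path: the third router forwards packets but never answers probes.
QUIET_ROUTER_PATH = [
    Hop("lan-gateway", "192.0.2.1"),
    Hop("isp-edge", "198.51.100.1"),
    Hop("core", "198.51.100.9", replies=False),
    Hop("web-server", "203.0.113.10"),
]

# Constructed path: a firewall in front of the destination drops every probe.
FIREWALLED_PATH = [
    Hop("lan-gateway", "192.0.2.1"),
    Hop("isp-edge", "198.51.100.1"),
    Hop("firewall", "203.0.113.1", blocks=True),
    Hop("web-server", "203.0.113.10"),
]

if __name__ == "__main__":
    for label, path in (("quiet router", QUIET_ROUTER_PATH),
                        ("firewalled", FIREWALLED_PATH)):
        rows, status = traceroute(path, max_hops=6)
        print(label, "->", status)
        for ttl, address in rows:
            print("  %2d  %s" % (ttl, address))
```

A single `*` followed by later hops means one device declined to answer; `*` on every line up to the hop limit is the firewall case the text describes, and it looks the same from the source as a destination that is down.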
Mtr (my traceroute)
Mtr (my traceroute)
is a route discovery and analysis utility that comes with UNIX and Linux
operating systems. It combines the functions of the ping and traceroute
utilities and delivers an easy-to-read chart as its output. By issuing the mtr
command, you instruct your computer to first determine the path between your
client and the host you specify, and then successively send ICMP ECHO requests
to every hop on the route. In return, you learn about the devices in the path
and whether and how promptly they respond. After letting the command run for a
while, you also learn the devices’ shortest, longest, and average response times
and the extent of packet loss for each hop. This can reveal what portions of a
network are suffering poor performance or even faults. The simplest form of the
mtr command is mtr ip_address or mtr host_name. After you enter the
command, mtr will run continuously until you stop it by pressing Ctrl+C or unless you add an option to
the command to limit its number of probes. As you might guess, mtr can be used with
a number of switches to refine the command’s functioning and output. The
command begins with mtr, followed by
a hyphen, a switch, and a variable
pertaining to a particular switch, if required. For example, entering mtr -c 2 limits the number of ICMP ECHO
requests to two. The following list defines some mtr switches:
· -c—Specifies how many ICMP ECHO requests to issue (in this case, c stands for count).
· -r—Used with the -c switch, -r instructs mtr to generate a report and then exit after a certain number of probes.
· -n—Instructs mtr to not use DNS—that is, to display only IP addresses and not host names.
· -i—Used with a specific number of seconds to specify the period of time between ICMP ECHO requests; the default value is one second.
Figure 9-18 on page 428 illustrates the output of the command mtr -c 100 -r www.cengage.com, that is, an mtr command that sends 100 ICMP ECHO requests along the path to the host www.cengage.com and issues the results in report format. Notice that the “Snt” column displays the
quantity of ICMP ECHO requests sent. Bear in mind that, as with traceroute, mtr
results might be misleading if certain devices on the network are prevented
from responding to ICMP traffic. Even if a router does accept ICMP traffic, it
will likely assign such requests lowest priority. A small percentage of packet loss
in the middle of a route might merely reflect the fact that a router is busy
and therefore slower at handling less-important traffic. In addition, beware
that mtr generates a significant amount of traffic on a network. By running the
mtr utility, you might slow network performance. A program similar to mtr, pathping,
is available as a command-line utility in Windows operating systems. The
switches available for use with pathping are similar to those available with
mtr. However, the pathping output differs slightly. Pathping displays the path
first, then issues hundreds of ICMP ECHO requests before revealing any reply or
packet loss statistics.
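One way to apply the caution above about mid-route packet loss, as an added Python example that is not part of the textbook: it parses two constructed mtr reports and separates loss that disappears at later hops (a busy router giving ICMP low priority) from loss that persists to the destination. The report contents, the verdict labels and the function names are assumptions made for the example.

```python
"""Interpret packet loss in an mtr report (added example, constructed reports)."""
import re
from typing import NamedTuple


class HopStat(NamedTuple):
    number: int
    host: str
    loss: float     # Loss% column
    sent: int       # Snt column
    avg_ms: float   # Avg column


# One report row: hop number, host, Loss%, Snt, Last, Avg (remaining columns ignored).
# The percent sign is optional so that rows printed without it still parse.
ROW = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+(\d+)\s+[\d.]+\s+([\d.]+)")

# Constructed report: hops 3 and 4 show loss, but the destination shows none.
BUSY_ROUTER_REPORT = """\
HOST: client                      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%   100    0.4   0.5   0.3   1.2   0.1
  2.|-- 198.51.100.1               0.0%   100    8.1   8.4   7.9  12.0   0.6
  3.|-- ???                       100.0   100    0.0   0.0   0.0   0.0   0.0
  4.|-- 198.51.100.9              12.0%   100    9.0   9.3   8.8  15.1   0.9
  5.|-- 203.0.113.10               0.0%   100   10.2  10.5  10.0  14.7   0.7
"""

# Constructed report: loss begins at hop 3 and is still present at the destination.
LOSSY_LINK_REPORT = """\
HOST: client                      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%   100    0.4   0.5   0.3   1.2   0.1
  2.|-- 198.51.100.1               0.0%   100    8.1   8.4   7.9  12.0   0.6
  3.|-- 198.51.100.9              15.0%   100   41.0  44.9  38.2  90.3   7.5
  4.|-- 198.51.100.33             14.0%   100   42.7  46.1  39.0  95.8   8.1
  5.|-- 203.0.113.10              16.0%   100   43.3  47.0  40.1  97.2   8.4
"""


def parse_report(text):
    """Return a list of HopStat, one per hop row found in the report text."""
    hops = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            hops.append(HopStat(int(m[1]), m[2], float(m[3]), int(m[4]), float(m[5])))
    return hops


def classify_loss(hops):
    """Label each lossy hop 'persistent' or 'local-only'.

    Loss is 'persistent' when every hop from this one to the destination
    also shows loss; otherwise traffic is getting through and only this
    device's own replies are missing.
    """
    verdicts = {}
    for i, hop in enumerate(hops):
        if hop.loss == 0:
            continue
        downstream_min = min(h.loss for h in hops[i:])
        verdicts[hop.number] = "persistent" if downstream_min > 0 else "local-only"
    return verdicts


def first_faulty_hop(hops):
    """Hop number where persistent loss starts, or None if the path is clean."""
    persistent = [n for n, v in classify_loss(hops).items() if v == "persistent"]
    return min(persistent) if persistent else None


if __name__ == "__main__":
    for name, report in (("busy router", BUSY_ROUTER_REPORT),
                         ("lossy link", LOSSY_LINK_REPORT)):
        hops = parse_report(report)
        print(name, classify_loss(hops), "first faulty hop:", first_faulty_hop(hops))
```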
Route
In Chapter 6, you
learned that a routing table is a file on a networked host (for example, a workstation
or router) that contains information about the paths that data will take
between that host and other network nodes. When a client or connectivity device
is added to a network, it discovers best paths and adds them to its routing
table. You also learned that in dynamic routing, routers gather information
about the network and incorporate that information in their routing tables even
as the network changes. The route utility allows you to view a host’s routing
table. On a UNIX or Linux system, type route
and then press Enter at the command
prompt to view the routing table. On a Windows-based system, type route print and then press Enter. On a Cisco-brand router or another brand that uses Cisco command conventions, type show ip route and press Enter.
Routing tables on network clients typically have no more than a few unique
entries, including the default gateway and loopback address. However, routing
tables on Internet backbone routers, such as those operated by ISPs, maintain
hundreds of thousands of entries. The routing table in Figure 9-19 on page 429
is an example of one that might be found on a UNIX host. Table 9-7 explains the
fields belonging to routing tables on UNIX or Linux systems. The route print
command used on a computer running a Windows operating system does not provide
as much information and displays it in a different format.
Table 9-7 Fields in routing table on a UNIX host
Destination | The destination host’s identity
Gateway | The destination host’s gateway
Genmask | The destination host’s netmask number
Flags | Additional information about the route, including whether it’s usable (U), whether it’s a gateway (G), and whether, as is the case with the loopback entry, only a single host can be reached via that route (H)
Metric | The cost of the route—that is, how efficiently it carries traffic
Ref | The number of references to the route that exist—that is, the number of routes that rely on this route
Use | The number of packets that have traversed the route
Iface | The type of interface the route uses
In fact, the route
command allows you to do much more than simply view a host’s routing table.
With it you may also add, delete, or modify routes. Following are some options available
for use with the route command:
· add—Adds a route to the routing table; this switch must be followed by information about the route, for example, route add default gw 123.45.67.1 eth1 instructs the host to add a route that uses the gateway with an address of 123.45.67.1 on the eth1 interface.
· del—Deletes a route from the routing table; this option must be followed by information about the route.
· change—Changes an existing route; this switch must be followed by information about the route to be changed (available on Windows systems only).
· -p—Makes a route persistent, or reappear after a system is restarted (available on Windows systems only).
To learn about more
route command options and the correct syntax for each, type man route and press Enter on a UNIX or Linux system. On a Windows system, type route ? and press Enter.
Most routers and
other types of hosts optimize their routing tables without human intervention.
If you choose to modify a routing table, be careful to not eliminate or damage
a necessary route or cause routing loops. You risk degrading network
performance or even cutting off network access to some or all clients.
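The routing table fields in Table 9-7, as an added Python example that is not part of the textbook: it parses a constructed UNIX-style routing table, decodes the U, G and H flags, picks the route a destination would use (longest matching netmask, then lowest metric), and lists gateway routes that point somewhere other than the gateways you expect, which is a quick check after anyone has used route add. The sample table, the function names and the expected-gateway set are assumptions made for the example.

```python
"""Parse and query a UNIX-style routing table (added example, constructed table)."""
import ipaddress
from dataclasses import dataclass

# Constructed sample in the column layout of Table 9-7.
SAMPLE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    100    0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     100    0        0 eth0
198.51.100.7    192.0.2.254     255.255.255.255 UGH   0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
"""

FLAG_MEANINGS = {"U": "usable", "G": "gateway", "H": "single host"}


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    flags: str
    metric: int
    ref: int
    use: int
    iface: str


def parse_route_table(text):
    """Turn each eight-column data row into a Route; skip titles and headers."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, genmask, flags, metric, ref, use, iface = fields
        # Count the 1 bits in the Genmask to get the prefix length.
        prefix_len = bin(int(ipaddress.IPv4Address(genmask))).count("1")
        network = ipaddress.IPv4Network((dest, prefix_len))
        routes.append(Route(network, gateway, flags, int(metric), int(ref), int(use), iface))
    return routes


def describe_flags(flags):
    """Translate the Flags column using the meanings given in Table 9-7."""
    return [FLAG_MEANINGS[f] for f in flags if f in FLAG_MEANINGS]


def lookup(routes, destination):
    """Return the usable route a packet to `destination` would take, or None."""
    address = ipaddress.IPv4Address(destination)
    usable = [r for r in routes if "U" in r.flags and address in r.network]
    if not usable:
        return None
    # Most specific network wins; ties go to the lower metric.
    return max(usable, key=lambda r: (r.network.prefixlen, -r.metric))


def audit_gateways(routes, expected_gateways):
    """Return gateway (G) routes whose next hop is not in the expected set."""
    return [r for r in routes if "G" in r.flags and r.gateway not in expected_gateways]


if __name__ == "__main__":
    table = parse_route_table(SAMPLE_TABLE)
    for target in ("198.51.100.7", "192.0.2.55", "203.0.113.5"):
        chosen = lookup(table, target)
        print(target, "->", chosen.network, "via", chosen.gateway, describe_flags(chosen.flags))
    for odd in audit_gateways(table, {"192.0.2.1"}):
        print("unexpected gateway route:", odd.network, "via", odd.gateway)
```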
Chapter Summary
· Subnetting separates one network or segment into multiple logically defined segments, or subnets. A network administrator might subnet a network to achieve simpler troubleshooting, enhanced security, improved performance, and easier network management.
· A subnet mask provides clues about the location of network information in an IP address. Bits in a subnet mask that equal 1 indicate that corresponding bits in an IP address contain network information. Bits in a subnet mask that equal 0 indicate that corresponding bits in an IP address contain host information.
· To create subnets, some of an IP address’s bits (which by default represent host information) are changed to represent network information instead. The change is indicated by a change in the subnet mask’s bits.
· If you use subnetting on your LAN, only your LAN’s devices need to interpret your devices’ subnetting information. External routers, such as those on the Internet, pay attention to only the network portion of your devices’ IP addresses—not their subnet masks—when transmitting data to them.
· A newer variation on traditional subnetting is provided by CIDR (Classless Interdomain Routing). CIDR offers additional ways of arranging network and host information in an IP address. In CIDR, conventional network class distinctions do not exist.
· CIDR allows the creation of supernets, or subnets established by using bits that normally would be reserved for network class information. By moving the subnet boundary to the left, more bits are made available for host information, thus increasing the number of usable host addresses on a subnetted network.
· Subnetting in IPv6 is simple. In every unicast address, the last four blocks, which equate to the last 64 bits, identify the interface. (On many IPv6 networks, those 64 bits are based on the interface’s EUI-64 MAC address.) The first four blocks indicate the 64-bit subnet prefix. For example, in the IPv6 address 2608:FE10:1:A:002:50FF:FE2B:E708, the subnet prefix is 2608:FE10:1:A and the interface ID is 002:50FF:FE2B:E708.
· Besides subdividing IPv6 interfaces according to subnet, IPv6 enables network administrators to more generally group interfaces that belong to the same route by specifying a route prefix. Because route prefixes vary in length, slash notation is necessary when defining them.
· Gateways facilitate communication between different subnets. Because one device on the network cannot send data directly to a device on another subnet, a gateway (usually in the form of a router interface) must intercede and hand off the information.
· Every device on a TCP/IP-based network has a default gateway, the gateway that first interprets its outbound requests to other subnets, and then interprets its inbound requests from other subnets. Internet gateways maintain default routes to known addresses to expedite data transfer. The gateways that make up the Internet backbone are called core gateways.
· NAT (Network Address Translation) allows a network administrator to “hide” IP addresses assigned to nodes on a private network. In NAT, gateways assign transmissions valid Internet IP addresses when the transmission is sent to the Internet.
· SNAT (Static Network Address Translation) establishes a one-to-one correlation between each private IP address and Internet-recognized IP address.
· DNAT (Dynamic Network Address Translation) allows one or more Internet-recognized IP addresses to be shared by multiple clients. To achieve this type of address translation, a gateway assigns ports to each client’s sessions, in a technique known as PAT (Port Address Translation). This is the most common type of address translation on small office and home networks.
· ICS (Internet Connection Sharing) is a service included with Windows operating systems that allows a network of computers to share a single Internet connection through an ICS host computer.
· All Internet mail services rely on the same principles of mail delivery, storage, and pickup, though they may use different types of software to accomplish these functions.
· Mail client software can communicate with various types of mail server software because the TCP/IP Application layer protocols used for this communication are standard.
· SMTP (Simple Mail Transfer Protocol) is responsible for moving messages from one e-mail server to another over TCP/IP-based networks. SMTP operates through port 25, with requests to receive mail and send mail going through that port on the SMTP server. SMTP is used in conjunction with either POP or IMAP. MIME operates over SMTP to enable mail messages to contain non-ASCII content, such as graphics, audio, video, and binary files. Most modern e-mail clients support MIME encoding.
· POP (Post Office Protocol) is a mail retrieval protocol. The most current and commonly used version of POP is called POP3. Using POP3, messages are downloaded from the mail server to a client workstation each time the user retrieves messages.
· IMAP (Internet Message Access Protocol) is another mail retrieval protocol. Its most current version is IMAP4. IMAP4 differs from POP3 in that it allows users to store messages on the mail server, rather than always having to download them to the local machine. This is an advantage for users who do not always check mail from the same computer.
· Typing ipconfig at the command prompt of a system running a Windows operating system reveals the TCP/IP settings for that computer.
· Ifconfig is the utility that establishes and allows management of TCP/IP settings on a UNIX or Linux system.
· The netstat utility displays TCP/IP statistics and the state of current TCP/IP components and connections. It also displays ports, which can signal whether services are using the correct ports.
· The nbtstat utility provides information about NetBIOS names and their addresses. If you know the NetBIOS name of a workstation, you can use nbtstat to determine the workstation’s IP address.
· The hostname utility allows you to view or change a client’s host name. The host utility, which comes with Linux and UNIX operating systems, allows you to find out either the host name of a node given its IP address or the IP address of a node given its host name.
· The nslookup utility is a more flexible version of the host utility. It allows you to look up the DNS host name of a network node by specifying the node’s IP address, or vice versa. Nslookup is useful for troubleshooting host configuration and DNS resolution problems.
· The dig utility, similar to nslookup, queries the network’s DNS database to return information about a host given its IP address, or vice versa. In its simplest form, or when used with one of its many switches, dig provides more information than nslookup.
· The traceroute utility, known as tracert on Windows-based systems and tracepath on some Linux systems, uses ICMP to trace the path from one networked node to another, identifying all intermediate hops between the two nodes. This utility is useful for determining router or subnet connectivity problems.
· Mtr is a TCP/IP utility that combines the functions of traceroute and ping to reveal not only the path data takes between two hosts, but also statistics about the path, such as how promptly router interfaces respond and the extent of packet loss at each hop.
· The route command allows you to view a host’s routing table and add, delete, or modify preferred routes.
Key Terms
ANDing - A logical process of
combining bits. In ANDing, a bit with a value of 1 plus another bit with a value
of 1 results in a 1. A bit with a value of 0 plus any other bit results in a 0.
CIDR (Classless Interdomain Routing) - An IP addressing and subnetting method
in which network and host information is manipulated without adhering to the
limitations imposed by traditional network class distinctions. CIDR is also
known as classless routing or supernetting. Older routing protocols, such as
RIP, are not capable of interpreting CIDR addressing schemes.
CIDR block - In CIDR notation, the
number of bits used for an extended network prefix. For example, the CIDR block
for 199.34.89.0/22 is /22.
CIDR notation - In CIDR, a method of
denoting network IDs and their subnet boundaries. Slash notation takes the form
of the network ID followed by a slash (/), followed by the number of bits that
are used for the extended network prefix.
classful addressing - An IP addressing
convention that adheres to network class distinctions, in which the first 8
bits of a Class A address, the first 16 bits of a Class B address, and the
first 24 bits of a Class C address are used for network information.
Classless Interdomain Routing - See CIDR.
classless routing - See CIDR.
core gateway - A gateway that
operates on the Internet backbone.
default gateway - The gateway that first
interprets a device’s outbound requests, and then interprets its inbound
requests to and from other subnets. In a Postal Service analogy, the default
gateway is similar to a local post office.
default router - See default gateway.
dig (domain information groper) - A TCP/IP utility that queries the DNS database and provides information about
a host given its IP address or vice versa. Dig is similar to the nslookup
utility, but provides more information, even in its simplest form, than nslookup
can.
DNAT (Dynamic Network Address Translation) - A type of address translation in which a limited pool of Internet-valid IP
addresses is shared by multiple private network hosts.
domain information groper - See dig.
Dynamic Network Address Translation - See DNAT.
extended network prefix - The combination of an
IP address’s network ID and subnet information. By interpreting the address’s
extended network prefix, a device can determine the subnet to which an address
belongs.
host - A TCP/IP utility that
at its simplest returns either the IP address of a host if its host name is
specified or its host name if its IP address is specified.
hostname - A TCP/IP utility
used to show or modify a client’s host name.
ICS (Internet Connection Sharing) - A service provided with Windows operating systems that allows one computer,
the ICS host, to share its Internet connection with other computers on the same
network.
ICS host - On a network using
the Microsoft Internet Connection Sharing service, the computer whose Internet
connection other computers share. The ICS host must contain two network
interfaces: one that connects to the Internet and one that connects to the LAN.
IMAP (Internet Message Access Protocol) - A mail retrieval protocol that improves on the shortcomings of POP. The single
biggest advantage IMAP4 has relative to POP is that it allows users to store
messages on the mail server, rather than always having to download them to the
local machine. The most current version of IMAP is version 4 (IMAP4).
IMAP4 (Internet Message
Access Protocol, version 4) - The most commonly used form of the Internet Message
Access Protocol (IMAP).
Internet Connection Sharing - See ICS.
Internet Message Access Protocol - See IMAP.
Internet Message Access Protocol, version 4 - See IMAP4.
IP masquerading - See DNAT.
MIME (Multipurpose Internet Mail Extensions) - A standard for encoding and interpreting binary
files, images, video, and non-ASCII character sets within an e-mail message.
mtr (my traceroute) - A route discovery
and analysis utility that comes with UNIX and Linux operating systems. Mtr
combines the functions of the ping and traceroute commands and delivers an
easily readable chart as its output.
Multipurpose Internet Mail Extensions - See MIME.
my traceroute - See mtr.
NAT (Network Address Translation) - A technique in which IP addresses used on a private network are assigned a
public IP address by a gateway when accessing a public network.
nbtstat - A TCP/IP
troubleshooting utility that provides information about NetBIOS names and their
addresses. If you know the NetBIOS name of a workstation, you can use nbtstat
to determine its IP address.
NetBIOS - A protocol that runs
in the Session and Transport layers of the OSI model and associates NetBIOS
names with workstations. NetBIOS alone is not routable because it does not
contain Network layer information. However, when encapsulated in another protocol
such as TCP/IP, it can be routed.
netstat - A TCP/IP
troubleshooting utility that displays statistics and the state of current TCP/IP
connections. It also displays ports, which can signal whether services are
using the correct ports.
Network Address Translation - See NAT.
network number - See network ID.
network prefix - See network ID.
nslookup - A TCP/IP utility that
allows you to look up the DNS host name of a network node by specifying its IP address, or vice
versa. This ability is useful for verifying that a host is configured correctly
and for troubleshooting DNS resolution problems.
PAT (Port Address Translation) - A form of address translation that uses TCP port numbers to distinguish each
client’s transmission, thus allowing multiple clients to share a limited number
of Internet-recognized IP addresses.
pathping - A command-line
utility that combines the functionality of the tracert and ping commands
(similar to UNIX’s mtr command) and comes with Windows operating systems.
POP (Post Office Protocol) - An Application layer protocol used to retrieve messages from a mail server.
When a client retrieves mail via POP, messages previously stored on the mail
server are downloaded to the client’s workstation, and then deleted from the mail
server.
POP3 (Post Office Protocol, version 3) - The most commonly used form of the Post Office Protocol.
Port Address Translation - See PAT.
Post Office Protocol - See POP.
Post Office Protocol, version 3 - See POP3.
private network - A network whose
access is restricted to only clients or machines with proper credentials.
public network - A network that any
user can access with no restrictions. The most familiar example of a public
network is the Internet.
route - A utility for
viewing or modifying a host’s routing table.
route prefix - The prefix in an IPv6
address that identifies a route. Because route prefixes vary in length, slash
notation is used to define them. For example, the route prefix indicated by
2608:FE10::/32 includes all subnets whose prefixes begin with 2608:FE10 and,
consequently, all interfaces whose IP addresses begin with 2608:FE10.
Simple Mail Transfer Protocol - See SMTP.
slash notation - See CIDR notation.
SMTP (Simple Mail Transfer Protocol) - The Application layer TCP/IP subprotocol responsible for moving messages from
one e-mail server to another.
SNAT (Static Network
Address Translation) - A type of address translation in which each private IP
address is correlated with its own Internet-recognized IP address.
Static Network Address Translation - See SNAT.
subnet prefix - The 64-bit prefix in
an IPv6 address that identifies a subnet. A single IPv6 subnet is capable of
supplying 18,446,744,073,709,551,616 IPv6 addresses.
supernet - In IPv4, a type of
subnet that is created by moving the subnet boundary to the left and using bits
that normally would be reserved for network class information.
supernet mask - A 32-bit number
that, when combined with a device’s IPv4 address, indicates the kind of
supernet to which the device belongs.
supernetting - See CIDR.
tracepath - A version of the
traceroute utility found on some Linux distributions.
traceroute (tracert) - A TCP/IP
troubleshooting utility that uses ICMP to trace the path from one networked
node to another, identifying all intermediate hops between the two nodes.
Traceroute is useful for determining router or subnet connectivity problems. On
Windows-based systems, the utility is known as tracert.
Review Questions
1. A node on a network has an IP address of 140.133.28.72 and its subnet mask is 255.248.0.0. What type of subnetting has been used on this network?
a. Classless
b. Supernetting
c. Classful
d. No subnetting has been used.
2. What is the default subnet mask for a Class C network?
a. 0.0.0.0
b. 255.255.255.0
c. 55.255.0.0
d. 255.0.0.0
3. Convert the following subnet mask into its dotted-decimal equivalent: 11111111 11111111 11111000 00000000.
a. 1.1.224.0
b. 224.224.128.0
c. 255.255.255.0
d. 255.255.248.0
4. On a network with an IP address of 140.133.28.72 (or 10001100 10000101 00011100 01001000) and a subnet mask of 255.248.0.0 (or 11111111 11111000 00000000 00000000), what is the network ID?
a. 140.128.0.0 (or 10001100 10000000 00000000 0000000)
b. 140.248.0.0 (or 10001100 11111000000000000000000)
c. 140.133.20.0 (or 0001100100001010001010000000000)
d. 255.248.0.1 (or 11111111111110000000000000000001)
5. As a networking consultant, you've been asked to help expand a client's TCP/IP network. The network administrator tells you that the network ID is subnetted as 185.27.54.0/26. On this network, how many bits of each IP address are devoted to host information?
a. 4
b. 6
c. 14
d. 26
6. You have
decided to create 254 subnets on your Class B network. What subnet mask will
you use to accomplish this?
a. 255.255.0.0
b. 255.254.0.0
c. 255.255.254.0
d. 255.255.255.0
7. If you
subdivide your Class B network into 254 subnets, what is the maximum number of
hosts you can assign to any single subnet?
a. 255
b. 212
c. 254
d. 225
8. If you
worked on a network that could not interpret classless addressing, and your
network ID was 145.27.0.0, what is the theoretical maximum number of different
subnets you could create on this network?
a. 16
b. 64
c. 128
d. 254
9. Your company has leased a Class C network whose network ID is 205.61.128.0.
You want to create 16 subnets within this network. One of the subnets will have
an extended network prefix of 205.61.128.64. What will be the broadcast address
for this subnet? (Hint: If you know the number of hosts per subnet, you can
easily determine the broadcast address.)
a. 205.61.128.79
b. 205.61.128.143
c. 205.61.128.31
d. 205.61.128.95
10. Your workstation's IP address is 10.35.88.12,
and your supervisor's workstation's IP address is 10.35.91.4. When you send
data from your workstation to your supervisor's workstation, what is the most
likely IP address of the first default gateway that will accept and interpret
your transmission?
a. 10.35.88.12
b. 10.35.1.1
c. 10.35.88.1
d. 10.35.91.1
11. You have enabled NAT on your small office’s
router. The router’s private network IP address is 198.162.6.1. Which of the
following IP addresses is the most likely to be automatically assigned to one
of the workstations that uses this router as its default gateway?
a. 192.168.6.1
b. 192.168.6.6
c. 192.168.255.0
d. 192.168.255.255
12. Which two of the following are benefits of using
IMAP4 relative to POP3?
a. It allows users to review and delete mail without downloading it from the
mail server.
b. It provides mail delivery guarantees.
c. It allows users to modify mail server settings.
d. It provides better encryption for message attachments.
e. It enables multiple users to easily share a central mailbox.
13. You have decided to use PAT on your small office
network. At minimum, how many IP addresses must you obtain from your ISP in
order for all five clients in your office to be able to access servers on the
Internet?
a. 1
b. 4
c. 5
d. None, the private IP addresses will work.
14. What Network layer protocol does the traceroute
utility use to obtain its information about paths between a source and
destination?
a. UDP
b. ARP
c. NTP
d. ICMP
15. Which of the following commands allows you to
view the routing table on your Linux workstation? (Choose all that apply.)
a. netstat -r
b. traceroute
c. netroute -R
d. route
e. tracepath
16. If you know that your colleague's TCP/IP host
name is JSMITH, and you need to find out his IP address, which of the following
commands should you type at your shell prompt or command prompt?
a. netstat jsmith
b. nbtstat jsmith
c. nslookup jsmith
d. ifconfig jsmith
17. Suppose your office's only DNS server was down,
and you wanted to view the DNS address record for your company's domain. Which
of the following TCP/IP utilities would allow you to do this?
a. nbtstat
b. netstat
c. traceroute
d. dig
18. When you use the mtr command to assess the path from your office
workstation to a server on your company's WAN that's located in Spain, what is
the first hop the mtr command will display?
a. Your workstation's IP address
b. Your default gateway's IP address
c. Your ISP's router's IP address
d. The Web server's address
19. Which of the following commands reveals the default gateway addresses for
all the hosts to which a router is connected?
a. route
b. ping
c. host
d. ifconfig
20. What utility might you use to find out whether
your ISP's router is responsible for the poor network performance your
organization experiences on a particular afternoon?
a. route
b. netstat
c. mtr
d. ipconfig
Practice Quiz
1. The MIME standard replaces SMTP.
a. True
b. False
2. The most frequently used UNIX command is who.
a. True
b. False
3. A node’s network ____ provides information about the
segment or network to which the node belongs.
a. frame
b. location
c. class
d. routing table
4. DHCP may be used to assign IP addresses and host names
dynamically.
a. True
b. False
5. To manage network access more easily, you can combine
users with similar needs and restrictions into ____.
a. roles
b. roots
c. groups
d. threads
6. NOSs do not fit neatly into one layer of the OSI
model.
a. True
b. False
7. For simpler management, groups can be nested (one
within another) or arranged hierarchically (multiple levels of nested groups)
according to the type of access required by different types of users.
a. True
b. False
8. In CIDR, conventional network class distinctions
exist.
a. True
b. False
9. The ipconfig utility is the TCP/IP configuration and
management utility used on UNIX and Linux systems.
a. True
b. False
10. MIME is a standard for encoding and interpreting
binary files, images, video, and non-ASCII character sets within an e-mail
message.
a. True
b. False
11. ____ combines the functions of the ping and traceroute utilities.
a. Tracert
b. Mtr
c. Whois
d. Route
12. A broadcast address is known as a(n) ____ address for
a network or segment.
a. reserved
b. default
c. open
d. informative
13. Domains are established on a network to make it
easier to organize and manage resources and security.
a. True
b. False
14. The directory containing information about objects in
a domain resides on computers called ____.
domain controllers
15. You can make commands even more specific by using
____, the equivalent to using wildcards in Windows and DOS.
file globbing
16. A(n) ____ is a logically separate area of storage on
the hard drive.
a. patch
b. object
c. partition
d. pipeline
17. ____ permissions are passed down from the parent group (Administrators) to
the child group (Temps).
Inherited
18. The word ____ refers to the hardware on which an NOS
runs.
a. server
b. Active Directory
c. attribute
d. class
19. Subnet masks are only used in IPv4 classful
addressing.
a. True
b. False
20. In LDAP-compatible directories, a(n) ____ is the set
of definitions of the kinds of objects and object-related information that the
directory can contain.
schema
21. ____ enables a server to share resources with clients.
a. NOSs
b. network operating systems
22. A UNIX ____ is a file that contains instructions for
performing a specific task such as reading data from and writing data to a hard
drive.
a. root domain
b. process
c. kernel module
d. schema
23. In the LDAP standard, directories and their contents
form trees.
a. True
b. False
24. ____ prevents the need for a shared application to function differently for
each different type of client.
a. Mac OS X Server
b. NTFS
c. Paging
d. Middleware
Chapter Test
1. POP3’s design makes it best suited to users who
retrieve their mail from the same workstation all the time.
a. True
b. False
2. POP3 (Post Office Protocol, version 3) relies on TCP
and operates over port ____.
a. 25
b. 11
c. 110
d. 250
3. In CIDR, conventional network class distinctions do
not exist.
a. True
b. False
4. The ____ gateway is the gateway that first interprets
its outbound requests to other subnets, and then interprets its inbound
requests from other subnets.
a. default
b. Internet
c. proxy
d. core
5. The MIME standard replaces SMTP.
a. True
b. False
6. In ____ addressing, the network information portion of
an IPv4 address is limited to the first 8 bits in a Class A address.
a. limited
b. stateful
c. classful
d. subnet
7. Because the octets equal to 0 and 255 are ____, only the numbers 1 through
254 can be used for host information in an IPv4 address.
a. unobtainable
b. open for general use
c. out-of-range
d. reserved
8. The combination of additional bits used for subnet
information plus the existing network ID is known as the ____________________.
extended network prefix
9. When using classful IPv4 addressing, a network ID
always ends with an octet of ____.
a. 0
b. 00000000
c. 1
d. 255
10. ____________________ is the protocol
responsible for moving messages from one mail server to another over
TCP/IP-based networks.
SMTP
11. A class ____ network class is reserved for special
purposes.
a. A
b. B
c. C
d. D
12. A program similar to mtr, ____, is available as a
command-line utility in Windows operating systems.
a. route
b. nbstat
c. pathping
d. dig
13. The result from ANDing 11001111 with 10010001 is
____.
a. 10010001
b. 00000001
c. 11001111
d. 10000001
14. The backbone
are called ____________________ gateways.
core
15. In classful addressing, the Class B IPv4 address
network ID is located in the ____.
a. first 16 bits
b. last 16 bits
c. first 8 bits
d. last 8 bits
16. The gateways that make up the Internet backbone are
called ____ gateways.
a. proxy
b. Internet
c. default
d. core
17. In classful addressing, Class C IPv4 address host
information is located in the ____.
a. last 8 bits
b. first 8 bits
c. last 16 bits
d. first 16 bits
18. IMAP4 servers require less storage space and usually
more processing resources than POP servers do.
a. True
b. False
19. CIDR notation takes the form of the network ID
followed by a(n) ____, followed by the number of bits that are used for the
extended network prefix.
a. underscore ( _ )
b. forward slash ( / )
c. backward slash ( \ )
d. dash ( - )
20. IMAP (Internet Message Access Protocol) is a mail
retrieval protocol that was developed as a more sophisticated alternative to
____.
a. SMTP
b. MIME
c. POP3
d. POP
21. On a network using TCP/IP, some nodes may use
multiple IP addresses.
a. True
b. False
22. An example of a popular client email software is
____.
a. Microsoft Exchange Server
b. Sendmail
c. Microsoft Outlook
d. MIME
23. An administrator can discover the host name assigned
to a client by using the ____ utility.
a. host
b. hostname
c. nbstat
d. nslookup
24. The ____ utility allows you to view a host’s routing
table.
a. dig
b. route
c. pathping
d. nbstat
25. Within a classful addressing subnet mask, the ____
bits indicate that corresponding bits in an IPv4 address contain network
information.
a. 0
b. 1
c. first eight
d. last eight