book

Local Networks and the Internet: From Protocols to Interconnection

by Laurent Toutain, Ana Minaburo

April 2011

Intermediate to advanced

512 pages

16h 3m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Copyright
Chapter 1: Introduction
1.1. Why a network?1.2. Network classification1.2.1. Function of distance1.2.1.1. Local networks1.2.1.2. Metropolitan network or access network1.2.1.3. Public networks1.2.2. Function of the topology1.3. Interconnection networks1.4. Examples of network utilization1.5. The Internet network1.5.1. History1.5.2. Functioning principle1.5.2.1. Protocols1.5.2.2. Network structure1.6. Structure of this book
Chapter 2: Standardization and Wiring
2.1. The IEEE 802 committee2.1.1. Traffic types and constraints2.1.2. Constraints2.2. The standards2.3. IEEE 802.1 addressing2.3.1. MAC address2.3.2. EUI-642.4. Cabling rules2.4.1. Twisted pair wiring2.4.2. Optical fibers
Chapter 3: Ethernet and IEEE 802.3 Protocols
3.1. History3.2. Physical level3.2.1. The supports3.2.2. The interfaces and connectors3.3. The fundamentals of CSMA/CD3.3.1. Protocol parameters3.3.2. BEB algorithm3.3.2.1. Emission algorithm3.3.2.2. Reception algorithm3.3.3. Limits of the CSMA/CD algorithm3.3.4. The repeaters3.4. Frame format3.4.1. Physical level3.4.2. MAC level3.4.2.1. IEEE 802.3 frame3.4.2.2. Ethernet frame3.5. The 10BASE5 network3.5.1. The equipment3.5.2. Manchester coding3.6. Devices for the 10BASE23.7. Twisted pair equipment3.7.1. The hubs3.7.2. The switches3.7.2.1. Operation mode3.7.2.2. Flow control3.7.3. The 100BASE-T3.7.3.1. Model 13.7.3.2. Model 23.7.3.3. Encoding 100BASE-TX information3.7.3.4. Encoding 100BASE-T4 information3.7.4. 1000BASE-T3.7.5. Auto-negotiation3.7.5.1. Messages3.7.5.2. Technology selection3.8. Fiber optics3.8.1. 10BASE-F3.8.2. 100BASE-FX3.8.3. 1000BASE-X3.8.4. Encoding3.8.5. Auto-negotiation3.8.6. Half-duplex mode and burst transmission3.9. Examples of Ethernet frames3.9.1. Signalovera 10BASE2 segment3.9.2. Frames3.10 Evolution of the Ethernet
Chapter 4: The LLC and SNAP Sublayers
4.1. Definition4.2. LLC frames4.2.1. Frame formats4.2.1.1. DSAP and SSAP fields4.2.1.2. The control field4.2.1.3. The P/F bit4.2.2. Examples of protocols4.2.2.1. Case without errors (Figure 4.7)4.2.2.2. Case with loss of frames (Figure 4.8)4.2.2.3. Case with multiple losses (Figure 4.9)4.2.2.4. Case of a sequence break (Figure 4.10)4.2.3. Window widths4.3. Example4.3.1. Type 1 LLC4.3.2. Type 2 LLC4.4. The SNAP layer4.4.1. Frame formats4.4.2. Example
Chapter 5: Interconnection by Bridges: The Spanning Tree Algorithm
5.1. Introduction5.2. Transparent filtering bridges5.2.1. Simple case5.2.2. Complex case5.3. Spanning tree algorithm5.3.1. Example5.3.1.1. Bridges in parallel5.3.1.2. Interconnection of four networks5.3.2. Information update5.3.3. State diagram5.3.4. Message format5.3.5. Example
Chapter 6: Internet
6.1. The Internet players6.1.1. The Internet Society6.1.2. The IAB6.1.3. The IESG6.1.3.1. Function of an IETF working group6.1.3.2. Working group creation6.1.3.3. The RFC6.1.4. The IRSG6.1.5. Address and protocol parameter management6.1.5.1. The ICANN6.1.5.2. The IANA6.1.5.3. The regional authorities (RIR)6.1.5.4. The who is database
Chapter 7: IP Protocols
7.1. Implementation of the TCP/IP protocols7.1.1. Terminal equipment7.1.2. Routers7.1.3. IP layer architecture7.2. Internet addressing7.2.1. Notation7.2.2. Special IPv4 addresses7.2.3. IPv4 class addressing7.2.3.1. Usage of the netmask7.2.3.2. Variable length network masks7.2.3.3. Classfull address drawback7.2.4. Hierarchical addressing7.2.4.1. Classless Internet domain routing (CIDR)7.2.4.2. Aggregation rules7.2.4.3. Example of allocation hierarchy7.2.5. Special IPv4 prefixes and addresses7.2.5.1. Addresses for private networks (RFC 1597)7.2.6. Special IPv6 addresses and prefixes7.3. The IPv4 protocol (RFC 791, RFC 1122)7.3.1. Format of IPv4 datagrams7.3.1.1. Version7.3.1.2. Internet header length7.3.1.3. Type of service7.3.1.4. Total length7.3.1.5. Fragmentation7.3.1.6. Time to Live7.3.1.7. Protocol7.3.1.8. Checksum (RFC 1071, RFC 1141)7.3.1.9. Source and destination addresses7.3.1.10. Options7.4. The ICMP (Internet Control Message Protocol) (RFC 792)7.4.1. The message cannot reach its destination7.4.2. Expired TTL and the traceroute program7.4.2.1. Limitation of ICMP traffic7.4.2.2. Loose source routing option7.4.3. Quench source7.4.4. Redirection indication7.4.5. Echo/the ping command7.4.5.1. Route recording option7.4.5.2. Broadcast address7.4.6. Netmask request /reply to netmask (RFC 950)7.4.7. Information about routers (RFC 1256)7.4.8. MTU discovery (RFC 1191)7.5. The IPv6 protocol7.5.1. Format of IPv6 datagrams7.5.2. The ICMPv6 protocol7.6. Tunnels7.6.1. Architecture7.6.2. Encapsulations7.6.2.1. Simple encapsulation7.6.2.2. Generic routing encapsulation7.7. Configurations7.7.1. Configuration of a Unix station7.7.2. Visualization7.7.3. Configuration7.8. Configuration of a Cisco router7.8.1. Visualization7.8.2. Configuration7.9. IPv4 and multicast7.9.1. Format of multicast addresses7.9.2. The IGMPv2 protocol (RFC 3376)

Chapter 8: Level 4 Protocols: TCP, UDP and SCTP
8.1. Port notion8.2. TCP (Transmission Control Protocol) (RFC 793)8.2.1. TCP format message8.3. The three protocol phases8.3.1. Establishing a connection8.3.1.1. Choice of initial sequence number8.3.1.2. SYN flooding attacks8.3.2. Data transfer8.3.2.1. Example over a local network8.3.2.2. Example over a public network8.3.3. Closing a connection8.4. The options8.5. Adaptation to the environment8.5.1. Timer management8.5.1.1. Round trip time (RTT) estimation8.5.1.2. RTT estimation with options8.5.1.3. Timestamp value estimation8.5.1.4. Fast data retransmission8.5.2. Limitations of packets emitted8.5.2.1. Acknowledgment delay8.5.2.2. The Nagle algorithm8.6. TCP flow control8.6.1. Applicative flow control8.6.1.1. Silly window syndrome8.6.2. Congestion control at network level8.6.2.1. Slow start8.6.2.2. Congestion avoidance8.6.2.3. Fast recovery8.6.2.4. Selective acknowledgements (RFC 2018)8.7. Study of TCP by simulations8.7.1. Self-clocking8.7.2. TCP Tahoe8.7.3. TCP Reno8.7.4. TCP newReno8.7.5. Selective acknowledgements8.8. Network consideration of TCP8.8.1. RED8.8.2. Explicit congestion notification (ECN)8.8.3. TCP over different supports8.8.3.1. High-speed networks8.8.3.2. Asymmetric networks8.8.3.3. Radio networks8.9. The UDP (user datagram protocol) (RFC 768)8.9.1. Message format8.9.2. TCP friendly8.9.3. The UDP-Lite protocol (RFC 3828)8.9.4. The RTP protocol (RFC 1889)8.10. SCTP8.10.1. General message format8.10.2. Creation of associations8.10.3. Data transfer8.10.4. Verification of the feasiblity of association8.10.5. Closing an association8.10.6. Example of SCTP traffic
Chapter 9: Address Resolution and Automatic Configuration Protocols
9.1. Introduction9.2. The address resolution protocol (ARP)9.2.1. ARP frame format9.2.1.1. Example9.2.1.2. ARP table9.2.1.3. Gratuitous ARP9.2.1.4. Proxy ARP9.2.2. The cases of broadcast and multicast addresses9.3. Neighbor discovery in IPv69.3.1. Principle9.3.2. Example9.4. Initialization and auto-configuration9.4.1. TFTP (trivial file transfer protocol) (RFC 1350)9.4.1.1. Scenario9.4.1.2. Security9.4.2. RARP (reverse address resolution protocol) (RFC 903)9.4.2.1. Frame format9.4.2.2. Configuration of a RARP server9.4.3. BOOTP (RFC 951 and RFC 1542)9.4.3.1. Packet format9.4.3.2. Scenario9.4.3.3. Example9.4.3.4. The case of different subnetworks9.4.4. DHCP (dynamic host configuration protocol) (RFC 2131)9.4.4.1. Traffic example9.4.4.2. Example of a configuration9.5. The domain name server (DNS) (RFC 1034, RFC 1035)9.5.1. General principles9.5.1.1. Roots9.5.1.2. Top level domains (TLD)9.5.1.3. Primary servers9.5.1.4. Secondary servers9.5.1.5. Server cache9.5.2. The principle of interrogation9.5.2.1. Client configuration9.5.2.2. Example of interrogation9.5.2.3. The nslookup command9.5.2.4. The dig (domain information groper) command9.5.3. arpa domain9.5.3.1. Reverse resolutions for IPv4 addresses9.5.3.2. Reverse resolution of IPv6 addresses9.5.3.3. ENUM9.5.4. Protocol9.5.4.1. Format of packets9.5.4.2. Example9.5.4.3. Transfer of information9.5.4.4. Information over a domain9.5.4.5. Transfer of zones9.5.5. Server configuration
Chapter 10: Routing Protocols
10.1. Routing tables10.2. Equipment classification10.3. Routing table configuration10.3.1. Display of the routing table under Unix or Windows10.3.2. Display of the routing table under Cisco10.3.3. Modification of the routing table under Unix10.3.4. Modification of the routing table for Cisco10.4. Station or router?10.5. High-speed router10.6. Router classification10.7. Routing protocols10.8. Autonomous systems
Chapter 11: Internal Routing Protocols
11.1. The Distant Vector algorithm11.1.1. Description11.1.2. Convergence problem11.1.2.1. Split horizon11.1.2.2. Chosen path and poisoned reverse11.1.3. Routing information protocol (RIP) (RFC 1058)11.1.4. RIP-2 (RFC 1723)11.1.5. Simple authentication11.1.5.1. MD5 authentification11.2. Link State algorithm11.2.1. Principles11.3. The OSPF protocol11.3.1. Vocabulary and concepts11.3.1.1. The notion of area11.3.1.2. Virtual link11.3.1.3. Area border routers11.3.1.4. AS boundary routers11.3.2. OSPF protocols (RFC 2328)11.3.2.1. The Hello protocol11.3.2.2. Designated router election11.3.2.3. Database loading11.3.2.4. Information propagation11.3.3. Examples11.3.3.1. Network initialization example11.3.3.2. Example with several networks11.3.3.3. Example with several areas11.4. IS-IS11.4.1. NSAP and NET addresses11.4.1.1. NSAP Format11.4.1.2. NSAP in IS-IS11.4.2. IS-IS protocols11.4.2.1. Hello protocol11.4.2.2. Link State packets11.4.2.3. CSN and PSN packets11.4.3. Example
Chapter 12: External Routing Protocols
12.1. Path announcing12.1.1. Principles12.1.1.1. The importance of announcement12.1.1.2. Multi-homing management12.1.2. The RIPE database12.1.3. Crossing ASs12.2. The interconnection points12.3. The symmetry of routes12.4. BGP (border gateway protocol)12.4.1. Message format12.4.1.1. Header12.4.1.2. Open12.4.1.3. Update12.4.1.4. Update in multi-protocol12.4.1.5. Notification12.4.2. Internal BGP12.4.2.1. Principle12.4.2.2. Internal information exchange12.4.2.3. Loopback interface12.4.3. Use of attributes12.4.3.1. Origin12.4.3.2. As_Path12.4.3.3. Next_Hop12.4.3.4. Multi_Exit_Disc or Med12.4.3.5. Local_Pref12.4.4. Synchronization between IGP and EGP12.5. Route selection rules12.6. BGP traffic analysis12.6.1. IPMA (Internet Performance Measurement and Analysis) project12.6.2. Network probe daemon12.7. Reduction of oscillations12.8. Routing limit in the Internet
Chapter 13: Virtual Local Networks
13.1. Definition13.2. Multicast data management13.2.1. GARP (Generic Attribute Registration Protocol)13.2.1.1. The equipment13.2.1.2. The protocol13.2.1.3. Messages format13.2.2. GMRP (GARP Multicast Registration Protocol)13.2.2.1. Reception13.2.2.2. Transmission13.3. Virtual networks13.3.1. VLAN membership13.3.2. Configuration of devices13.3.2.1. Manual13.3.2.2. Semi-automatic13.3.2.3. Automatic13.3.3. Labeling frames
Chapter 14: MPLS (Multi Protocol Label Switching)
14.1. Routing protocols’ limits14.2. MPLS header format14.3. Principles of operation14.4. MPLS label D distribution protocols14.4.1. LDP (Label Distribution Protocol) (RFC 5036)14.5. Traffic engineering
Chapter 15: IP on Point-to-Point Links: PPP
15.1. Serial links15.2. SLIP (Serial Link IP, RFC 1055)15.2.1. Principle15.2.1.1. Encapsulation15.3. PPP (point-to-point protocol, RFC 1661)15.3.1. Adaptation to physical support15.3.1.1. Frame format15.3.1.2. Transparency of the flag15.3.1.3. Format optimization15.3.2. The PPP frames15.3.3. Negotiation parameters15.3.4. The LCP protocol15.3.5. The authentication protocols (RFC 1334)15.3.5.1. PAP (Password Authentication Protocol)15.3.5.2. CHAP (Challenge Authentication Protocol)15.3.6. Layer 3 configuration protocols15.3.6.1. IPCP (IP Configuration Protocol)15.3.6.2. IPv6CP15.3.7. TCP/IP (RFC 1144) header compression15.3.7.1. Even greater compression15.3.7.2 Correction of errors15.3.7.3. Example15.3.7.4. Limitation of the Van Jacobson algorithm15.4. Configuration of routers15.5. The RADIUS protocol15.6. PPP over X.25 (RFC 1598)15.7. PPP over high-speed networks15.8. Bridging with PPP (RFC 1638)15.8.1. Data frames15.8.2. Spanning Tree frames15.8.3. BCP configuration protocol15.9. ADSL network architecture15.9.1. PPPoE (PPP over Ethernet)15.9.2. L2TP (Layer 2 Tunneling Protocol)
Chapter 16: Network Administration
16.1. Vocabulary and concepts16.1.1. Versions of SNMP16.2. ASN.1 (Abstract Syntax Notation)16.2.1. The standard16.2.1.1. Definition of a module16.2.1.2. Universal types and variables16.2.2. BER (basic encoding rules) encoding16.3. Definition of the MIB SNMP (RFC 1213)16.4. Format of SNMPv1 messages (RFC 1157)16.4.1. Interrogation message16.4.2. Management of tables16.4.3. Interrogation of MIB16.4.4. The trap message16.5. Formats of SNMPv2 messages (RFC 1905)16.5.1. Primitive getbulk16.5.2. Example of getbulk usage16.5.3. Error messages16.5.4. Trap messages16.6. Examples of SNMPv1 traffic16.6.1. Simple interrogation16.6.2. Interface requests16.7. MIB example16.7.1. The system group (1.3.6.1.2.1.1)16.7.2. The interface group (1.3.6.1.2.1.2)16.7.3. The at group (1.3.6.1.2.1.3)16.7.4. The IP group (1.3.6.1.2.1.4)16.7.5. The ICMP group (1.3.6.1.2.1.5)16.7.6. The TCP group (1.3.6.1.2.1.6)16.7.7. The UDP group (1.3.6.1.2.1.7)16.7.8. The SNMP group (1.3.6.1.2.1.11)16.8. Other MIBs16.8.1. The host MIB (RFC 2790)16.8.2. The RMON MIB (RFC 1757)
Chapter 17: Security
17.1. Risks17.2. Filtering routers17.2.1. IP spoofing17.3. Bastion17.4. Proxy17.5. NAT (Network Address Translator, RFC 1631)
Chapter 18: Flow Management
18.1. Quality of service18.2. Flow notion18.3. Flow management18.3.1. Equity18.3.2. Multiple queue mechanisms18.3.2.1. Strict priority queuing18.3.2.2. Round robin scheduling18.3.2.3. Weighted round robin18.3.3. Single queue mechanisms18.3.3.1. Naïve scheduler18.3.3.2. Virtual time18.3.4. Hierarchical sharing of bandwidth18.3.4.1. Definitions of sharing rules118.3.4.2. Class-based queuing18.4. Flow measurements18.4.1. Token bucket18.4.2. Shapers18.4.3. Network calculus18.5. Integration of services on the Internet18.5.1. RSVP characteristics18.5.2. Elements of particular networks18.5.3. RSVP message format18.5.3.1. RSVP objects18.5.4. Classes of services18.5.4.1. Available bandwidth and token bucket18.5.4.2. C and D parameters18.5.5. Source emission of a path message18.5.6. Resv frame emission for guaranteed service18.5.6.1. Calculus of C and D for WFQ18.5.6.2. Guaranteed service reservation example18.5.7. Resv message emission for the controlled service18.5.8. The future of RSVP18.6. Differentiated services18.7. Perspectives
Bibliography
Index

Content preview from Local Networks and the Internet: From Protocols to Interconnection

Chapter 17 Security

17.1. Risks

Although the Internet allows us to have fast access to a large quantity of information or to exchange e-mails, the interconnection to a network where any access control is implemented creates some risks. The information systems always contain design failures. A hacker can uses this to authorize the consultation, modification or destruction of a company’s internal documents. Following this section, we show some of the risks linked to information security in Unix environments.

Passwords are the reinforcements most often used to protect access to systems or documents. If a hacker knows the user name, he or she can try to guess the password by logging on to the computer. This type of attack takes a relatively long period of time. For instance if the hacker can get direct access to the file with these passwords, he or she can discover them faster in his or her system.

In Unix computers, the passwords are coded using an irrevocable algorithm before being stored on the hard disc. It is difficult to find the original from of the coded value. When a user logs on, the password given is automatically coded and compared to the stored value. This principle, apparently safe, led Unix designers to leave the coded password file available for everybody to access. Unfortunately, computer power having increased, it is now possible using brute force (e.g. testing all the words in the dictionary), to find the simplest passwords. The new version of Unix has corrected ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781118599891Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Local Networks and the Internet: From Protocols to Interconnection

by Laurent Toutain, Ana Minaburo

Chapter 17

Security

17.1. Risks

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.