CIT 500: IT Fundamentals
Transcript of CIT 500: IT Fundamentals
Topics
1. LANs and WANs
2. TCP/IP Layers
3. IP Addressing and Routing
4. SSH remote logins
5. Web access
6. Network commands
Networks
Networks are groups of connected computers.
– Wired: ethernet, frame relay.
– Wireless: 802.11, bluetooth.
Scales
– LAN
– WAN
– Internetwork
Hardware
– Network Interface Cards (NICs)
– Hubs and switches
– Routers
Circuit vs Packet Switching
Circuit-switched: A connection called a circuit is set up between two devices and used for the whole communication.
Packet-switched: Data is chopped up into small pieces called packets and sent over the network. Each packet may follow a different path between the communicating parties.
Logical and Physical Network Paths
Logical network path: PC to Server and back.
– PC: "Send me the web page at http://nku.edu/."
– Server: "Here's the HTML data for that page."
Physical network path: PC – Switch – Router – Router – Switch – Server.
(Figure not reproduced.)
Local Area Networks
• Network covering a small physical area, i.e. an office up to a campus.
• LAN Hardware
– Network Interface Card (NIC)
– Twisted pair cabling.
– RJ45 connectors.
Broadcast Local Delivery
• Send message to every PC on network.
• Each PC checks address that message was sent to.
• If address matches address of PC, PC accepts message.
(Figure: PCs connected through a hub; not reproduced.)
Switched Local Delivery
Switch learns location of PCs.
Ex: A sends message to C.
1. Switch receives traffic on port 1.
2. Adds A to table for port 1.
3. Switch sends message to all ports but 1.

Initial Switch Table
Port  Computer
1     ?
2     ?
3     ?
4     ?

Final Switch Table
Port  Computer
1     A
2     B
3     C
4     D

(Figure: switch with A, B, C, D attached to ports 1–4; not reproduced.)
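The learning/flooding behaviour above, as an added example (not course material): a toy switch model that learns source addresses per port, floods unknown destinations, and, going one step beyond the slide, shows what happens once the table has no space left for new hosts. Port numbers and host names are the slide's; the table-size cap is an assumption.

```python
class LearningSwitch:
    """Toy model of a MAC-learning switch (added example, not course code).

    The forwarding table maps a source address to the port it was seen on.
    Unknown destinations are flooded out every port except the ingress port,
    which is the "sends message to all ports but 1" step on the slide.
    """

    def __init__(self, ports, table_size=None):
        self.ports = list(ports)
        self.table = {}               # address -> port
        self.table_size = table_size  # None = unbounded, int = capacity cap

    def learn(self, src, in_port):
        # Learn (or refresh) the source; a host that moves ports is updated.
        if src in self.table or self.table_size is None \
                or len(self.table) < self.table_size:
            self.table[src] = in_port
        # Otherwise the table is full: the source stays unknown and traffic
        # sent *to* it keeps being flooded (the "run out of table space"
        # problem a later slide raises).

    def forward(self, src, dst, in_port):
        """Return the list of ports the frame is sent out of."""
        self.learn(src, in_port)
        out = self.table.get(dst)
        if out is None:                   # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        if out == in_port:                # dst is behind the same port: filter
            return []
        return [out]


def demo():
    """Replay the slide's example: A (port 1) talks to C (port 3)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    steps = [
        sw.forward("A", "C", 1),   # C unknown -> flooded to ports 2, 3, 4
        sw.forward("C", "A", 3),   # A already learned -> port 1 only
        sw.forward("A", "C", 1),   # C learned from its reply -> port 3 only
    ]
    return steps, dict(sw.table)


if __name__ == "__main__":
    print(demo())
```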
Ethernet MAC Addresses
• OUI assigned by IEEE.
• Burned in address (BIA) stored in ROM.
• Can be replaced with a local address.
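As an added example (not from the slides), a small parser that pulls out the fields just listed: the 24-bit OUI and the first-octet flag bits that mark a group address and a locally administered (replaced) address. The sample addresses in the test are constructed.

```python
def parse_mac(mac):
    """Split an Ethernet address into the fields the slide names.

    Returns the 24-bit OUI plus the two flag bits of the first octet:
    bit 0 (I/G) set = group/multicast address, bit 1 (U/L) set = locally
    administered, i.e. the burned-in address has been replaced.
    """
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError("expected six octets: %r" % mac)
    octets = [int(p, 16) for p in parts]
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError("octet out of range: %r" % mac)
    first = octets[0]
    return {
        "oui": "%02X-%02X-%02X" % tuple(octets[:3]),
        "multicast": bool(first & 0x01),
        "locally_administered": bool(first & 0x02),
    }
```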
Switch Hardware
Switch ports can plug into
– Other switches.
– Hubs.
– PCs or other end devices.
(Figures: small home/office switch; rack-mounted switch. Not reproduced.)
Building larger LANs
What if you run out of ports?
– Plug a switch into one of the ports.
What if you run out of port/MAC table space?
– Build larger tables—for every host in the world?
– Use routing.
How is routing different from switching?
– Structured addresses allow grouping of hosts.
Routing Logic
PC1: If host on same Ethernet, send; otherwise, send to gateway router.
R1, R2: Lookup destination in route table and forward packet to specified router.
R3: Lookup destination in route table and send to local Ethernet.
IP Addresses
32-bit integers, one for each network interface.
Dotted decimal notation: ii.jj.kk.ll
172      . 16       . 254      . 1
10101100   00010000   11111110   00000001
Each group is 1 byte; 32 bits = 4 bytes.
Grouping IP Addresses
Groups of consecutive IP addrs are called networks.
Routing table would only need 3 entries for the networks in the figure (not reproduced).
Network and Host Parts
IP addresses are divided into two parts:
– Network ID (like zip code)
– Host ID (like street address)
Two special IP addresses:
– Network address (e.g. 130.4.0.0)
– Broadcast address (e.g. 130.4.255.255)
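The three slides above (Routing Logic, IP Addresses, Network and Host Parts) worked through in code as an added example that is not course material: the network/host split and special addresses for a dotted-decimal address, and a longest-prefix route lookup playing the PC1, R1 and R3 roles. The route tables, gateway and router addresses (130.4.0.1, 10.0.0.x) are constructed for this example; 172.16.254.1 and 130.4.0.0 are the slides' own.

```python
import ipaddress


def address_parts(ip, prefix_len):
    """Split dotted-decimal ip into network and host parts for a
    prefix_len-bit network ID, and derive the two special addresses."""
    addr = int(ipaddress.IPv4Address(ip))          # 32-bit integer form
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    net = addr & mask                               # network ID, host bits 0
    return {
        "binary": format(addr, "032b"),
        "network": str(ipaddress.IPv4Address(net)),
        "host_id": addr & ~mask & 0xFFFFFFFF,
        "broadcast": str(ipaddress.IPv4Address(net | (~mask & 0xFFFFFFFF))),
    }


def lookup(dst, routes):
    """Route-table lookup with longest-prefix match.

    routes is a list of (cidr, next_hop); next_hop "direct" means the
    destination is on an attached Ethernet, anything else names the router
    (gateway) to forward to. Returns None when no route covers dst.
    """
    best_net, best_hop = None, None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if ipaddress.ip_address(dst) in net and (
                best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


# Constructed route tables for the PC1 / R1 / R3 roles on the Routing Logic
# slide; the gateway and router addresses are made up for this example.
PC1_ROUTES = [("130.4.0.0/16", "direct"), ("0.0.0.0/0", "130.4.0.1")]
R1_ROUTES = [("130.4.0.0/16", "direct"), ("172.16.0.0/16", "10.0.0.2"),
             ("172.16.254.0/24", "10.0.0.3"), ("0.0.0.0/0", "10.0.0.9")]
R3_ROUTES = [("172.16.0.0/16", "direct")]


def demo():
    """Trace a packet from 130.4.7.9 to 172.16.254.1 through each table."""
    hops = [lookup("172.16.254.1", t) for t in (PC1_ROUTES, R1_ROUTES, R3_ROUTES)]
    return address_parts("172.16.254.1", 16), hops   # gateway, /24 route, direct
```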
Assigning Addresses
ICANN assigns network numbers.
– Internet Corporation for Assigned Names and Numbers.
– ICANN gives authority to regional orgs, e.g. ARIN (American Registry for Internet Numbers).
– Typically to ISPs, universities, corporations.
ISP assigns IP addresses within its network.
Why WANs?
The obvious answer: distance
– Ethernet can't travel over many miles.
– You don't have the rights-of-way to run a cable over many miles between sites.
Solution: point-to-point leased line.
What is the Internet?
1. The Internet isn't complicated.
2. The Internet isn't a thing. It's an agreement.
3. The Internet is stupid.
4. Adding value to the Internet lowers its value.
5. All the Internet's value grows on its edges.
6. The Internet's three virtues:
   a. No one owns it
   b. Everyone can use it
   c. Anyone can improve it
From http://www.worldofends.com/
Internet Standards
IETF (Internet Engineering Task Force)
– Open group responsible for Internet standards.
RFC (Request for Comments)
– Internet standard documents.
– IETF archives RFCs at www.ietf.org.
IANA (Internet Assigned Numbers Authority)
– Coordinates unique network numbers.
– IP addresses, protocol numbers, etc.
ICANN (Inet. Corp. for Assigned Names & Numbers)
– Manages DNS top level domains (TLDs) like .com, .gov
– Gives domain registrars responsibilities over domains.
History of Internet
1969 ARPAnet created (4 hosts)
1984 DNS deployed
1986 Cleveland Freenet offers free Internet access
1987 Number of hosts reaches 10,000
1988 Morris Worm
1989 Number of hosts reaches 100,000
1990 First commercial dialup ISP
1991 WWW released at CERN
1992 Number of hosts reaches 1,000,000
1993 Mosaic, graphical web browser, released
1994 First banner ads appear on the web
1995 AOL offers Internet access
1996 Telcos try to ban Internet telephones
1996 Number of hosts reaches 10,000,000
2000 Number of hosts reaches 100,000,000
CIT 140: Introduction to IT Slide #24
Dig: DNS Lookup
dig [options]
Purpose: Interact with name servers specified in /etc/resolv.conf and display their responses.
Output: Responses of name servers for queries sent to them.
Commonly used options/features:
-f file   For batch operation, take domain names (or IP addresses) from 'file'.
-p port   Interact with a name server at 'port' instead of the default port 53.
Dig Example
> dig www.google.com
; <<>> DiG 8.3 <<>> www.google.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.google.com, type = A, class = IN
;; ANSWER SECTION:
www.google.com.         14m40s IN CNAME  www.l.google.com.
www.l.google.com.       4m40s  IN A      72.14.203.104
www.l.google.com.       4m40s  IN A      72.14.203.99
SSH Features
Secure login
ssh -l user host
Secure remote command execution
ssh -l user host command
Secure file transfer
sftp user@host
scp file user@host:/tmp/myfile
The Problem of Passwords
1. Good passwords are hard to remember.
2. Password transferred to remote system.
3. Automating remote access with passwords is difficult.
Key-based Authentication
SSH has a public-key authentication feature.
Private key stored on your machine.
Public key stored on remote machines.
Public-key login protocol
1. Client sends server a login request.
2. Server issues a challenge.
3. Client responds with computation based on challenge and private key.
4. Server checks response with public key.
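Steps 1 through 4 of that protocol in runnable form, as an added example that is not from the slides and not SSH's actual wire protocol: a toy RSA key pair with tiny constructed primes stands in for the id_dsa / authorized_keys pair, the client signs the server's random challenge, and the server checks it with the public key. It also shows why a captured response is useless later: the next challenge is different, so the private key never has to cross the wire.

```python
import secrets

# Constructed toy RSA key pair with tiny primes, for illustration only.
# Real SSH keys are thousands of bits (or Ed25519) and sign a hash of the
# session ID plus the request; the protocol shape is the same.
P, Q, E = 61, 53, 17
N = P * Q                            # 3233, public modulus
D = pow(E, -1, (P - 1) * (Q - 1))    # 2753, private exponent
PUBLIC_KEY = (N, E)    # what the server stores in ~/.ssh/authorized_keys
PRIVATE_KEY = (N, D)   # what the client keeps in id_dsa / id_rsa, never sent


def server_challenge(public_key):
    """Step 2: the server picks a fresh random number for this login only."""
    n, _ = public_key
    return secrets.randbelow(n - 2) + 2


def client_response(challenge, private_key):
    """Step 3: the client signs the challenge (RSA: challenge^d mod n).
    Only this signature crosses the wire; d stays on the client."""
    n, d = private_key
    return pow(challenge, d, n)


def server_verify(challenge, response, public_key):
    """Step 4: the server undoes the signature with e and compares."""
    n, e = public_key
    return pow(response, e, n) == challenge


def login(private_key, public_key):
    """Steps 1-4 of the slide's protocol for one login attempt."""
    challenge = server_challenge(public_key)               # step 2
    response = client_response(challenge, private_key)     # step 3
    return server_verify(challenge, response, public_key)  # step 4


def replay_fails(private_key, public_key):
    """A sniffed response is useless later: the next challenge differs."""
    n = public_key[0]
    old_challenge = server_challenge(public_key)
    sniffed = client_response(old_challenge, private_key)
    new_challenge = (old_challenge - 1) % (n - 2) + 2   # always != old
    return not server_verify(new_challenge, sniffed, public_key)
```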
Using key-based authentication
1. Generate a public/private key pair.
   ssh-keygen
   Key files: id_dsa (private key, encrypted with your passphrase), id_dsa.pub (public key).
2. Copy public key to remote host.
   Copy to ~/.ssh/authorized_keys.
3. Login to remote host.
   ssh -l user remote
Keys are more secure than Passwords
1. Need to have two items to login: key file and passphrase.
2. Neither key nor passphrase is sent to remote host.
3. Machine-generated cryptographic keys are infeasible to guess, unlike passwords.
SSH Agent
Problem: you have to enter passphrase to decrypt the key each time you use ssh.
Solution: SSH Agent
> ssh-agent $SHELL
> ssh-add
Enter passphrase for /home/jw/.ssh/id_dsa: ********
Identity added: /home/you/.ssh/id_dsa (/home/jw/.ssh/id_dsa)
> ssh -l jw host
SSH Agent Features
Agent support for entire session.
– Start ssh-agent on initial shell.
– X: ~/.xsession (Often enabled by default.)
Multiple keys
ssh-add keyfile
ssh-add -l
Remove keys
ssh-add -d keyfile
ssh-add -D
Text-based web browsers
Widely used text-based browsers
– Lynx
– Links
Advantages
– Support for blind users.
– Privacy: no image-based web bugs.
– Performance.
– Use -dump option for non-interactive use.
wget
wget URL – non-interactive network download
-O file   Save URL to specified file.
-c        Continue getting partially downloaded file.
-p        Download all support files (images, CSS, JS).
-k        Change links to point to local files (use with -p).
-r        Recursively download links in target.
-t #      Retry specified number of times (default 20).
Ping
• Test to see if remote host is available.
• If connection fails, test link by link
– Ping system on your LAN.
– Ping closest router.
– Ping next router.
– …
– Ping target system.
• One link will fail if cannot reach remote host.
• Use -c option to specify number of packets.
Traceroute
Tracks path through each router to destination
– Reports which routers the packets passed through
– Reports how much time it took for each hop
Useful for identifying network problems
– Identify which links are down
– Identify which links are slow
Remote traceroutes via www.traceroute.org.
ifconfig
ifconfig [-a] int – configure a network interface
Only root can modify settings.
-a    list settings for all interfaces
int   list settings for the specified interface; Linux typically uses eth0, eth1 for Ethernet.
hostname
hostname – show or set system's host name; may or may not include DNS domain.
dnsdomainname – show or set system's DNS domain name.
References
1. Daniel J. Barrett, Robert G. Byrnes, Richard E. Silverman, SSH, The Secure Shell, 2nd edition, O'Reilly, 2005.
2. Wendell Odom, CCNA Official Exam Certification Library, 3rd edition, Cisco Press, 2007.
3. Bill Parkhurst, Routing First-Step, Cisco Press, 2005.
4. Doc Searls and David Weinberger, World of Ends, http://www.worldofends.com/, 2003.
5. W. Richard Stevens, TCP/IP Illustrated, Addison-Wesley, 1994.
6. Nicholas Wells, The Complete Guide to Linux System Administration, Thomson Course Technology, 2005.