Unique by CatheyMc


PAGE TOPICS:

TCP/IP
TCP and UDP Port Numbers
CLASS A NETWORK ADDRESS
CLASS B NETWORK ADDRESS
CLASS C NETWORK ADDRESS
CLASS C & D NETWORK ADDRESS
RESERVED ADDRESS
LOCAL LOOPBACK
CLASS C SUBNETTING
DNS
GATEWAY
WINS and ScopeID
HOSTS file
IPv6
TCP/IP PROTOCOLS
TCP/IP UTILITIES
PBXes: CO Switches & IP


address pool - a range of available IP addresses from which unused addresses may be allocated in DHCP
address scope - a range of numeric IP addresses that fall under DHCP's control, usually a contiguous range
ABR area border router - a router used to connect separate areas (backbone)

ARP

Address Resolution Protocol see  #PROTOCOLS

ASBR autonomous system border routers  - connect autonomous systems
AS autonomous system  - a group of routers that is under a single administrative authority
BGP Border Gateway Protocol - the exterior routing protocol in use on the Internet. As a general rule, only networks that connect to multiple Internet providers should use BGP. It is part of the Internet backbone: a distance-vector protocol used to exchange information between separate autonomous systems (RFC1771). It offers three types of routing: a) inter-autonomous system routing, b) intra-autonomous system routing, c) pass-through autonomous system routing

BOOTP

Bootstrap Protocol  A layer 3 or TCP/IP Internet layer protocol designed to permit diskless workstations to obtain network access and an operating system image across the network as they begin booting. Developed in the 1970s, it is seldom used anymore for workstations, although it is still used for JetDirect; it has been replaced by DHCP. Interoperability reference: RFC 1534.

IP CLASS ADDRESS RANGE

RESERVED ADDRESS:
127.x.x.x addresses are reserved

127.0.0.1 is the local loopback address for the NIC used to troubleshoot TCP/IP bindings

all-hosts multicast address:
224.0.0.1

subnet mask: 255.0.0.0

Classful IP address (classful subnet mask): all IP addresses that use the default subnet mask, where the first one, two, or three octets of the subnet mask are always network ID. You can’t use all zeros or all ones in an IP address. The values are not incremented by 1 as they are in an IP address, but incremented by the powers of 2, up to 2^8.

Classless IP address (classless subnet mask): a subnet mask other than the default results in the standard host bits being divided into two parts, a Subnet ID and a Host ID, where we must extend the original subnet mask to the right, thereby turning our one network ID into multiple network IDs.

SEE:  CIDR

CLASS   BEGINS WITH                      NETWORK RANGE                  CLASSFUL SUBNET MASK
A       0xxx, or 1 to 126 decimal        1.0.0.0 to 126.255.255.255     255.0.0.0 (8 bit) or /8
B       10xx, or 128 to 191 decimal      128.0.0.0 to 191.255.255.255   255.255.0.0 (16 bit) or /16
C       110x, or 192 to 223 decimal      192.0.0.0 to 223.255.255.255   255.255.255.0 (24 bit) or /24
D       1110, or 224 to 239 decimal      224.0.0.0 to 239.255.255.255   (this class is mainly used for multicasting)
E       111, or 240 to 254 decimal       240.0.0.0 to 254.255.255.255   (reserved for Internet experimentation)

private IP address range for a Class A network*: 10.0.0.0 to 10.255.255.255
private IP address range for a Class B network*: 172.16.0.0 to 172.31.255.255


When the node section is set to all "1"s, it specifies a broadcast that is sent to all hosts on the network.
What two addresses are “deducted” from the total number of IP addresses that may be calculated?
Answer: The Network address and the Broadcast address.

NOTE:  in binary numbering: Everywhere there is a 1 in the subnet mask, you are looking at part of the network ID. Everywhere there is a zero, you are looking at part of the host ID, see Class C Subnetting

Private IP addresses  RFC1918   *private IP addresses are not routable on the internet
10.0.0.0 network        -  10.255.255.255    (10/8 prefix)
172.16.0.0 network    -   172.31.255.255    (172.16/12 prefix)
192.168.0.0 network  -    192.168.255.255  (192.168/16 prefix)

all routers multicast address: 224.0.0.1  or 224.0.0.2

CLASS A   (1-126)
NETWORK ADDRESS

( 001.x.x.x through 126.x.x.x)
(No more available)
 

IP ADDRESS:     (the first four octets are the Network portion of the address)  You can’t use all zeros or all ones in an IP address
A 32-bit binary number broken into four 8-bit binary numbers separated by dotted decimals
Of the first set of numbers, if the first bit is set to 0,  and it has a subnet mask of 255.0.0.0,  the remaining 7 bits identify the network address ( 001.x.x.x through 126.x.x.x)
The remaining 24-bits are used for host address space ( x. 0.0.1 through x.255.255.254)

Subnetting a network address allows it to be broken into more subnet networks with fewer hosts per network, see Class C Subnetting

NETWORK ADDRESS:
First bit is set to 0
Network has subnet mask of 255.0.0.0
The 7-bit network address space can accommodate 126 network addresses
Acceptable range is 001.x.x.x through 126.x.x.x
HOST ADDRESS:
After the network address space, the remaining 24-bit host address space can accommodate up to 16,777,214 hosts per network
Acceptable range  is x.0.0.1 through x.255.255.254
 

NETWORK IDENTIFIER is the left part of the address. HOST IDENTIFIER is the right part of the address.

NOTE:  in binary numbering: Everywhere there is a 1 in the subnet mask, you are looking at part of the network ID. Everywhere there is a zero, you are looking at part of the host ID, see Class C Subnetting

CLASS B  (128-191)
NETWORK ADDRESS

(128.0.x.x through 191.255.x.x)
(No more available)

IP ADDRESS:                (the first eight octets are the Network portion of the address) You can’t use all zeros or all ones in an IP address
A 32-bit binary number broken into four 8-bit binary numbers separated by dotted decimals
If the first 2 bits are set to 10 it has a subnet mask of 255.255.0.0, the remaining 14 bits identify the network address (128.0.x.x through 191.255.x.x)
The remaining 14 bits are used for host address space  (x.x.0.1 through x.x.255.254).

Subnetting a network address allows it to be broken into more subnet networks with fewer hosts per network, see Class C Subnetting

NETWORK ADDRESS:
Network has subnet address 255.255.0.0
The 14-bit network address space can accommodate 16,382 network addresses
Acceptable range is 128.0.x.x through 191.255.x.x

HOST ADDRESS:
After the network address space, the remaining 14-bit host address space can accommodate up to 65,534 hosts per network
Acceptable range of host addresses is x.x.0.1 through x.x.255.254
 

NETWORK IDENTIFIER is the left part of the address. HOST IDENTIFIER is the right part of the address. You can’t use all zeros or all ones in an IP address

NOTE:  in binary numbering: Everywhere there is a 1 in the subnet mask, you are looking at part of the network ID. Everywhere there is a zero, you are looking at part of the host ID, see Class C Subnetting

CLASS C  (192-223)
NETWORK ADDRESS

(192.0.0.x through 223.255.255.x)

IP ADDRESS:                 (the first twelve octets are the Network portion of the address)
A 32-bit binary number broken into four 8-bit binary numbers separated by dotted decimals
If the first 3 bits are set to 110 and it has a subnet mask of 255.255.255.0, the remaining 21 bits define the network address (192.0.0.x through 223.255.255.x)
The remaining 8 bits are used for host address space (x.x.x.1 through x.x.x.254 )

Subnetting a network address allows it to be broken into more subnet networks with fewer hosts per network, see Class C Subnetting

NETWORK ADDRESS:
Network has subnet address 255.255.255.0
The 21-bit network address space can accommodate 2,097,150 network addresses
The acceptable range is 192.0.0.x through 223.255.255.x

HOST ADDRESS:
After the network address space, the remaining 8-bit host address space can accommodate 254 hosts per network
The acceptable range is x.x.x.1 through x.x.x.254

This is the class of network in which you are most likely to supernet.  Class C networks are smaller and more plentiful than Class A and B networks.  Therefore, they are more available to be used and, because of their size, often need to be combined in order to support larger networks.

NETWORK IDENTIFIER is the left part of the address
HOST IDENTIFIER is the right part of the address

 

CLASS C SUBNETTING:   You can’t use all zeros or all ones in an IP address

Everywhere there is a 1 in the subnet mask, you are looking at part of the network ID. Everywhere there is a zero, you are looking at part of the host ID

SUBNET MASK        BINARY VALUE OF LAST BYTE   SUBNETS AVAILABLE   HOSTS PER SUBNET
255.255.255.254    11111111.11111110           128                 0
255.255.255.252    11111111.11111100           64                  2
255.255.255.248    11111111.11111000           32                  6
255.255.255.240    11111111.11110000           16                  14
255.255.255.224    11111111.11100000           8                   30
255.255.255.192    11111111.11000000           4                   62
255.255.255.128    11111111.10000000           2                   126
255.255.255.0      11111111.00000000           1                   254
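
The Class C subnetting table can be derived from the mask bits alone. The following is an added example, not part of the original page; the function names (prefix_from_mask, address_class, describe, class_c_table) are assumptions made for illustration. It goes beyond Class C: it works for any contiguous mask, rejects a mistyped mask whose 1 bits are not contiguous, and reports the network and broadcast addresses that are deducted from the host count.

```python
import ipaddress

FULL = 0xFFFFFFFF
# The three RFC 1918 private ranges (10/8, 172.16/12, 192.168/16).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def prefix_from_mask(mask):
    """Return the /n prefix for a dotted-decimal mask.

    A valid mask is a run of 1 bits (network ID) followed by a run of
    0 bits (host ID). Anything else, e.g. a mistyped 225.0.0.0, is rejected.
    """
    m = int(ipaddress.IPv4Address(mask))
    inverted = m ^ FULL
    # inverted must look like 0...01...1; then inverted + 1 is a power of two.
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return bin(m).count("1")


def address_class(addr_int):
    """Classify by the leading bits of the first octet (0, 10, 110, 1110)."""
    first = addr_int >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def describe(address, mask):
    """Split an address into network and host parts using bitwise AND."""
    addr = ipaddress.IPv4Address(address)
    prefix = prefix_from_mask(mask)
    mask_int = int(ipaddress.IPv4Address(mask))
    network = int(addr) & mask_int            # 1 bits in the mask keep the network ID
    broadcast = network | (mask_int ^ FULL)   # host bits set to all 1s
    host_bits = 32 - prefix
    return {
        "class": address_class(int(addr)),
        "prefix": prefix,
        "network": str(ipaddress.IPv4Address(network)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        # network and broadcast addresses are deducted from the total
        "usable_hosts": max(2 ** host_bits - 2, 0),
        "private": any(addr in net for net in RFC1918),
    }


def class_c_table():
    """Rebuild the rows of the Class C table: 7 borrowed bits down to 0."""
    rows = []
    for borrowed in range(7, -1, -1):
        host_bits = 8 - borrowed
        mask_int = (FULL << host_bits) & FULL
        rows.append((
            str(ipaddress.IPv4Address(mask_int)),
            f"{(mask_int >> 8) & 0xFF:08b}.{mask_int & 0xFF:08b}",
            2 ** borrowed,          # subnets available
            2 ** host_bits - 2,     # hosts per subnet
        ))
    return rows


if __name__ == "__main__":
    for row in class_c_table():
        print("%-16s %-18s %4d %4d" % row)
    # Constructed sample address, chosen for illustration only.
    print(describe("192.168.10.77", "255.255.255.224"))
```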

CLASS D  (224-239)
NETWORK ADDRESS

known as “multicast” addresses, are often used by routers to transmit changes in routing tables to other routers using a single message - voice over IP

CLASS E  (240-254)
NETWORK ADDRESS

exclusively reserved for Internet experimentation (currently not going on)

CIDR

Classless Inter-Domain Routing  A form of subnet masking that does away with placing network and host address portions precisely on octet boundaries, but instead uses the /n prefix notation, where n indicates the number of bits in the network portion of whatever address is presented.

A.    Class Licenses

1.      Class A
          i.    Default netmask is 255.0.0.0
          ii.   Binary always starts with 0
          iii.  CIDR is /8
          iv.   IP address first octet range is 1-126

2.      Class B
          i.    Default netmask is 255.255.0.0
          ii.   Binary always starts with “10”
          iii.  CIDR is /16
          iv.   IP address first octet range is 128-191

3.      Class C
          i.    Default netmask is 255.255.255.0
          ii.   Binary always starts with 11
          iii.  CIDR is /24
          iv.   IP address first octet range is 192-223

 

Classless Subnetting
see Subnetting

Make subnets that aren’t Class A, B or C by defining the subnet mask at some point other than /8, /16, or /24.   Classless subnetting is simple in concept but complex in practice.  To make classless subnets, we must extend the original subnet mask to the right (in binary).

CLSM

 Constant-Length Subnet Masks, see subnetting

COMMON SUBNET MASKS

Number of bits      Class A            Class B            Class C
                    NNN.nnn.nnn.nnn    NNN.NNN.nnn.nnn    NNN.NNN.NNN.nnn
0 (default mask)    255.0.0.0          255.255.0.0        255.255.255.0
1 (default +1)      255.128.0.0        255.255.128.0      255.255.255.128
2 (default +2)      255.192.0.0        255.255.192.0      255.255.255.192
3 (default +3)      255.224.0.0        255.255.224.0      255.255.255.224
4 (default +4)      255.240.0.0        255.255.240.0      255.255.255.240
5 (default +5)      255.248.0.0        255.255.248.0      255.255.255.248
6 (default +6)      255.252.0.0        255.255.252.0      255.255.255.252
7 (default +7)      255.254.0.0        255.255.254.0      255.255.255.254
8 (default +8)      255.255.0.0        255.255.255.0      255.255.255.255*
*reserved for Broadcasts

Private IP addresses  RFC1918    *private IP addresses are not routable on the internet
10.0.0.0 network        -  10.255.255.255    (10/8 prefix)
172.16.0.0 network    -   172.31.255.255    (172.16/12 prefix)
192.168.0.0 network  -    192.168.255.255  (192.168/16 prefix)

DHCP

Dynamic Host Control Protocol  allows the administrator to set up zones, or ranges, of IP addresses to be distributed dynamically to the network clients upon boot. Using DHCP centralizes IP administration and is easier to maintain than static IP addresses. It eliminates the tedious labor involved in manually managing IP addresses. DHCP also allows the administrator to establish static IP addresses.


DHCP CLIENT The software component on a TCP/IP client, usually implemented as part of the protocol stack software, that issues address requests, lease renewals and other DHCP messages to a DHCP server.

DHCP DISCOVERY  The four-packet process used to obtain an IP address, lease time and configuration parameters.  The four-packet process includes the Discover, Offer, Request and Acknowledgement packets.

DHCP  OPTIONS  Parameter and configuration information that defines what the DHCP client is looking for.  Two special options, 0: Pad and 255: End, are used for housekeeping.  Pad simply ensures that the DHCP fields end on an acceptable boundary, and End denotes that there are no more options listed in the packet.
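
How Pad and End shape the options field, as an added example that is not part of the original page: a bounds-checked walk over a DHCP options field that skips Pad, stops at End, and rejects truncated or unterminated input. The names parse_options, message_type and MalformedOptions are hypothetical; the magic cookie and the option codes 53 and 55 come from the DHCP specification rather than from this page, and the sample bytes are constructed.

```python
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # precedes the options in every DHCP message
PAD, END = 0, 255                         # the two housekeeping options
MESSAGE_TYPE = 53                         # option carrying the DHCP message type
# The four packets of the discovery process, keyed by message-type value.
MESSAGE_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Acknowledgement"}


class MalformedOptions(ValueError):
    """Raised when the options field cannot be walked safely."""


def parse_options(field):
    """Return {option code: value bytes} for a raw DHCP options field.

    Every option except Pad and End is code (1 byte), length (1 byte),
    then `length` bytes of value. Pad and End are a single byte each.
    """
    if field[:4] != MAGIC_COOKIE:
        raise MalformedOptions("missing magic cookie")
    options = {}
    i = 4
    while i < len(field):
        code = field[i]
        if code == PAD:                    # filler only, carries no data
            i += 1
            continue
        if code == END:                    # nothing after this is an option
            return options
        if i + 1 >= len(field):
            raise MalformedOptions(f"option {code} has no length byte")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:           # declared length runs past the buffer
            raise MalformedOptions(f"option {code} is truncated")
        # An option that appears more than once is concatenated (RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    raise MalformedOptions("options field has no End option")


def message_type(options):
    """Name the packet of the four-packet exchange, or None if unknown."""
    raw = options.get(MESSAGE_TYPE)
    if raw is None or len(raw) != 1:
        return None
    return MESSAGE_TYPES.get(raw[0])


# Constructed sample: a Discover with a parameter request list
# (subnet mask, router, DNS server), two Pad bytes, then End.
SAMPLE_DISCOVER = MAGIC_COOKIE + bytes([53, 1, 1, 55, 3, 1, 3, 6, PAD, PAD, END])

if __name__ == "__main__":
    opts = parse_options(SAMPLE_DISCOVER)
    print(message_type(opts), {code: value.hex() for code, value in opts.items()})
```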

DHCP RELAY AGENT  A special purpose piece of software built to recognize and redirect DHCP Discovery packets to known DHCP servers.  When any cable segment or broadcast domain has no DHCP server directly attached, but includes DHCP clients that will need address management services and configuration data, it is necessary to install a DHCP relay agent on that cable segment or broadcast domain (or to enable routers to forward BOOTP packets to segments where DHCP servers are available.)

DHCP REPLY  a DHCP message that contains a reply from a server to a client's DHCP request message.

DHCP REQUEST  a DHCP message from a client to a server, requesting some kind of service; such messages occur only after a client receives an IP address and can use unicast packets (not broadcasts) to communicate with a specific DHCP server.

DHCP SERVER  The software component that runs on a network server, responsible for managing TCP/IP address pools or scopes and for interacting with clients to provide them with IP addresses and related TCP/IP configuration data on demand.

DHCP discovery When a DHCP client boots up, it performs the Standard Address Discovery Process before it can communicate on the network.  The DHCP Discovery Process uses four packets: 1) DHCP Discover packet; 2)  DHCP Offer packet;  3)  DHCP Request packet;  4)  DHCP Acknowledgement packet.

DHCP relay agent

If no DHCP server is present in the broadcast domain, the DHCP relay agent forwards the address request to a DHCP server whose address it knows (software must be installed). Such relays may be installed on Win 2K or 2003 servers, or on routers attached to other subnets that are not part of a DHCP broadcast domain.  The relay agent acts as an intermediary between the DHCP server and the client.

DNS
Domain Name System

DNS is the standard protocol across all releases of TCP/IP  see BIND
A hierarchical routing structure that links domain names to IP addresses.  DNS servers convert domain names to IP addresses

1.      Uses name resolution to resolve a hostname or URL to an IP address

2.      On older systems, DNS uses a special file called a HOSTS file

3.      DNS is not a dynamic environment, so all address updates must be entered manually.

The Domain Name Service (DNS) is used to resolve a URL or computer name to a known IP address. For example, when you type in the URL www.myplace.com, that web site name is resolved by DNS to the IP address 216.109.118.70. DNS is used because it is much easier to remember a web site URL than it is an IP address. It is the default naming resolution of the Internet.
DNS Country Codes   TLDs

DDNS Dynamic DNS - Starting with Win 2K, requiring that a Windows DNS implementation be linked to an Active Directory database to work (with DHCP also communicating with Active Directory)  Active directory actually tracks domain name-to-address relationships with the help of DHCP and submits necessary update requests to the DNS server. (RFC 2136)  Win 2003 is best for implementation - still some problems though. (p335)

DNS RRs
(databases)

DNS  Resource Records - the DNS resource records database is divided into four classes. (RFC 1035).  The nine most commonly used RR types, of interest to most users are:

SOA - start of Authority record:  SOA identifies the name server that is authoritative for a specific DNS database segment; it identifies the master DNS server for a specific domain or subdomain. The first entry in any DNS file must be the SOA record. (p318)
NS - name server record: used to identify all DNS servers in a domain, this field must be in the zone file.

A - Address record: provide name-to-address mapping data; stores domain name-to-IP address translation data (uses FQDN)
CNAME - canonical name record: used to create aliases for hosts in your zone
HINFO - host information record:  stores descriptive information about a specific internet host
MX - mail exchange record: used to route SMTP based email on the Internet and identify the IP address for a domain's master email server
PTR - pointer record:  provide address-to-name mapping data; stores IP address-to-domain name translation data and supports the operation known as a reverse DNS lookup (uses FQDN)
TXT - Text record: may be used to add arbitrary text information to a DNS database, usually for documentation
WKS - Well-known services record: lists the IP-based services, such as Telnet, FTP, HTTP, that an Internet host can supply

DNS Servers

There are three kinds of DNS servers.  DHCP SERVER  The software component that runs on a network server, responsible for managing TCP/IP address pools or scopes and for interacting with clients to provide them with IP addresses and related TCP/IP configuration data on demand. Most current DHCP servers can handle multiple address pools. There are three types of servers as follows:

PRIMARY, aka, master server: is where the primary DNS database files for the domain(s) or subdomain(s) for which that server is authoritative reside. The server loads into memory an ASCII snapshot of the DNS database.  The file is sometimes called a zone file, or zone data file.  For any DNS zone, there can be only one primary master name server.  It's good practice to point clients at a caching-only server where one is available, and by definition, such a server can never be a primary DNS server.  Often primary servers for specific zones also function as slave DNS servers for other nearby zones.

SECONDARY, aka, slave server or secondary master: gets its data for the zone from a master server.  It checks its SOA file, comparing it to the value in the master server's database to make sure the data is current.  The zone data on a secondary server always originates from a primary server.  Multiple secondary servers may exist, but only one primary.

CACHING : store recently accessed DNS records from other domains to avoid incurring the performance overhead involved in making a remote query each time a resource outside the local domain is accessed.

Obtain Root Server Data file for a DNS server: ftp.ns.internic.net; look in the /domain subdirectory for the file named.root; copy the file and rename it cache.dns to save it to the %SystemRoot%\System32\DNS directory.

REVERSE LOOKUP:  The file structure of reverse DNS lookups is classful.  Filenames that map host names for reverse lookups are usually called addr.in-addr.arpa.dns (in which addr is the network number for the domain in reverse order, without the trailing 0s), e.g., for lanu.com, IP 206.224.65.0, the filename would be 65.224.206.in-addr.arpa.dns. Such files are also called in-addr.arpa files, after the label that appears at the end of each reversed address in the files' PTR records. Note that other DNS implementations, primarily BIND, use a different naming convention, but all DNS require these files to operate no matter how they are named.

FTP

The protocol used when you transfer a file from one computer to another

FQDN

Fully Qualified Domain Name - consists of all elements of a domain name, in which each name on the directory tree is followed by a period, the final period stands for the root of the DNS hierarchy itself. Each node in that directory tree forms the root of a new subtree in the overall hierarchy, in which each such subtree represents a database segment.  You must use FQDNs in DNS A and PTR resource records.

GATEWAY

The gateway is the default route for all TCP/IP packets that are not destined for the local subnet.
1.  When an IP address is specified that is not part of the subnet of the workstation, the workstation must forward those packets to the default gateway or gateway router.
2. The gateway then determines whether the IP subnet is located on any of its ports.
3. If the packet is not destined for a local subnet connected to the gateway, it will forward the packet to its default gateway.

The router connecting a local network must know how to address packets for other systems that are not part of its local network. We call this router the default gateway, gateway router, or sometimes just gateway. A gateway might be a router or it might be a PC that runs routing software. Gateways are used by traffic destined for a remote system.

The default gateway address should be that of a forwarding router. The default gateway has one sole responsibility: to forward packets destined for a subnet other than the local subnet (a remote subnet).

HOSTS file

You can use the HOSTS file to assign static IP addresses to domain names.  The more dynamic properties of DNS servers have replaced the static database HOSTS file.  It is still in use on some older systems, especially UNIX.
The Windows HOSTS file is located in the winnt\system32\drivers\etc directory.  Syntax for assigning an address:  192.168.10.1 coriolis_ws99 # (the pound sign # is for remarks)

ICMP
 

Internet Control Message Protocol  ICMP Router Discovery Messages RFC 1256
ICMP messages consist of a single packet. They are connectionless. They show how IP packets are doing between any two hosts.


ICMP ECHO PROCESS  a process whereby a host sends an Echo packet to another host on an internetwork.  If the destination host is active and able, it echoes back the data that is contained in the ICMP echo packet.

ICMP ECHO REQUEST PACKET  a packet that is sent to a device to test connectivity.  If the receiving device is functional and can reply, it should echo back the data that is contained in the data portion of the Echo Request packet.

ICMP ERROR MESSAGE  Error messages sent using the ICMP protocol.  Destination Unreachable, Time Exceeded and Parameter Problem are examples of ICMP messages.

ICMP QUERY MESSAGES  messages that contain requests for configuration or other information.  ICMP Echo, Router Solicitation and Address Mask Request are examples of ICMP messages.

ICMP ROUTER DIRECTORY  a process in which hosts send ICMP Router Solicitation messages to the all-router multicast address (224.0.0.2).  Local routers that support the ICMP Router Discovery process reply with an ICMP Router Advertisement unicast to the host.  The advertisement contains the router's address and a Lifetime value for the router's information.

ICMP ROUTER SOLICITATION  the process that a host can perform to learn of local routers.  ICMP Router Solicitation messages are sent to the all routers multicast address of 224.0.0.2

IGPs interior gateway protocol  intra-domain routing protocol  - is used to exchange routing information within an AS.  Most commonly used are RIP v1, v2 and OSPF

IP ADDRESS FORMAT

A. IP Address Format
1.  32-bit number divided into four 8-bit octets
2. Octets are delimited by a period
3.  Value of Octets must be between 0 and 255
 

B.     Converting IP addresses

1.      Dotted decimal notation

          i.    Divide the IP address into four pieces of eight bits

          ii.   A group of eight bits has a limited number of permutations of ones and zeros. The exact number of permutations is 2^8 or 256 different patterns of ones and zeros

2.      Can convert by hand or by using a calculator

3.      Use Windows command—IPCONFIG (Windows NT/2000/XP) and WINIPCFG (Windows 9x/ME) to obtain IP address.

IPP Internet Printing Protocol Using the appropriate software on your system, you can create an IPP print path from your system to any HP Jetdirect-connected printer over the Internet. IPP requests can be transmitted outbound through firewalls. the network administrator must configure the firewall to accept incoming IPP requests.

IPv6 / IPng with dual stack nodes

IPng (Internet Protocol next generation)

NO MORE BROADCASTS! In IPv6, broadcast is replaced with a multicast, thanks to the new Scope field. Nodes must announce that they wish to receive multicast traffic bound for a particular broadcast address. p584

IPv6 multicast address format:

8 bits      4 bits   4 bits   112 bits
11111111    FLAGS    SCOPE    GROUP ID


An IPv6 address may be viewed as a string that uniquely identifies one single network interface on the global Internet.  Alternately, that address can be understood as an address with network and host portions. How much of the address belongs to either portion depends on who's looking at it and where they are located in relation to the host with that address.
Uses a colon as a separator, instead of the period

Has six groupings of numbers compared to four for IPv4 (128 bits long) (more than 20 orders of magnitude over IPv4)

Each grouping is an eight bit number

The eight bits are made up of two, four-bit “nibbles”

Each group is a hexadecimal number between 0000 and FFFF

Leading zeros can be dropped from a group, so 00CF becomes simply CF

Use a pair of colons (::) to represent a string of consecutive 16-bit groups with a value of zero

The unspecified address (all zeros) can never be used, nor can an address that contains all ones

IPv6 offers an immense amount of additional IP addresses

Example: 1234:5678:90AB:CDEF:5555:6666
IPv6 addresses consist of eight octets of 4 hexadecimal numbers. These numbers can have values ranging from 0000 to FFFF, and each set is delimited by a colon (:). Just like IPv4 addresses, no IPv6 address may contain all zeros or all F’s.

IPv6 includes important changes to security handling, auto configuration, efficiency of routing and handling of mobile users

Nodes that need to tunnel IPv6 packets through IPv4 routers use the IPv4-compatible address; these are called dual stack nodes.  They understand both IPv4 and IPv6. (IPv6 nodes that need to communicate with IPv4 nodes that do not understand IPv6 all use the IPv4-mapped address.)

SCOPE IDENTIFIER:
  Multicast addresses  use a 4-bit scope identifier, which is a 4-bit field that limits the valid range for a multicast address to define the portion of the Internet over which the multicast group is valid. p581-2

INTERFACE IDENTIFIERS (RFC 3041): Follow the EUI-64  format.  p581 following table Global/local and individual/group bits in IPv6

Bit 6 Bit 7 Meaning
0 0 Locally unique, individual
0 1 locally unique, group
1 0 Globally unique, individual
1 1 Globally unique, group
IP MOBILE
see LAM
mobile IP is described in RFC2003  2004  2005  2006 and 3220
LAM Local Area Mobility  Cisco proprietary feature that is similar to Mobile IP, but operates by using the routing table - simpler, with very little impact on the network.  When a router is configured with LAM it watches for traffic on its LAN that does not match its own IP address.  When it finds this traffic, it installs an ARP entry in its cache and a host route (a route entry with a 32-bit subnet mask) in its routing table.  The LAM is redistributed into the primary routing protocol, so that soon all the other routers learn of the host route and forward the appropriate traffic.  Hosts on the home subnet are still able to communicate with the estranged node because the router on the home subnet proxies ARP (RFC826) and then routes the packets to the next hop listed in its routing table.
MIB
p502

HP MIB list

Management Information Base  Within any MIB, SMI (Structure of Management Information) defines the format for all objects maintained in that MIB.  The SNMP protocol is extensible by design. This is achieved through the notion of a management information base or MIB, which specifies the management data of a specific subsystem of an SNMP-enabled device, using a hierarchical namespace containing object identifiers, implemented via ASN.1. The MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations. This model permits management across all layers of the OSI reference model, extending into applications such as databases, email, and the Java EE reference model, as MIBs can be defined for all such area-specific information and operations   http://en.wikipedia.org/wiki/Snmp
MIB2 RFCs 1213  2011  2012  2013; ATM MIB RFC2515;  PRINTER MIB RFC1759;  Interfaces Group MIB RFC2863; IPv6 MIB RFC2465
MIB-2
subordinates
SUBORDINATE (branches of the object tree)  MIBs:  (about System, Interfaces, Address Translation, IP, ICMP, UDP, EGP RFC1213 );    (about IP RFC 2011 );   (about IP RFC 2012) ; (about Appletalk RFC1742);   (about OSPF RFC1850);   (BGP RFC1657);   (about Remote Network Monitoring RFCs1271 1513-tokenring);  (about RIPv2 RFC1724);  (about Token Ring Station Route RFCs1748 1749);  (printer RFC1759)

MSS

Maximum Segment Size  is the amount of data that can fit in a packet after the TCP header.  Each TCP peer shares the MSS during the handshake process.

MTU

MTU is the amount of data that can fit inside a MAC header.

multicast address

address used to transmit information to multiple network hosts ,but using only ONE address.   All-hosts multicast address: 224.0.0.1
 

NetBIOS see WINS  NetBIOS over TCP RFC1001  RFC1002

Network ID

A number that identifies the network on which a device or machine exists; this is true in both IP and IPX protocol suites

OSPF Open Shortest Path First  RFC2328 the parimeter link-state routing protocol used on TCP/IP networks.

PORTS - Common Well Known TCP and UDP port numbers:
for Security, Ports in Red Should be ASSIGNED OR blocked   Trojan Horse Port Numbers
 see: IANA Assigned Port Numbers

Windows port support file located at \system32\drivers\etc\services\NETWORKS

Well Known Port Numbers (0 - 123)

Well known port numbers are assigned to the key, or core services that systems offer.

Registered Port Numbers (1025 - 49151)

Registered port numbers are assigned to industry applications and processes.

NOTE:  Some TCP-IP systems use between 1024 and 5000 for temporary numbers, although IANA includes that range as part of its dynamic port numbers range.

Dynamic Port Numbers (49152 - 65535)

Dynamic ports (also referred to as ephemeral ports) are used as temporary ports for specific communications.

Port Number | Used by | Identifier | Description
7 | UDP | UDP | Echo process can be used to determine if a router is active. Should not be used on client/server for security reasons
7 | TCP | TCP echo | RFC 862
15 | UDP | NETSTAT | Network Status
20, 21 | TCP;UDP | FTP | File Transfer Protocol data/control
23 | TCP;UDP | TELNET | Telnet. Novell and Win NT do not support port 23 connections for terminal emulation
25 | TCP;UDP | SMTP | Simple Mail Transport Protocol
53 | TCP | DOMAIN | Domain Name System (DNS zone file transfers)
65 | UDP | TFTP | Trivial File Transfer Protocol
67 | UDP | DHCP | (DHCP server) Client to Server  Bootstrap Protocol
68 | UDP | DHCP | (DHCP client) Server to Client  Bootstrap Protocol
69 | UDP | TFTP | Trivial File Transfer Protocol  tftpd
80 | TCP;UDP | HTTP | World Wide Web HTTP/Web applications
87 | TCP | | Link port
110 | TCP;UDP | POP3 | Post Office Protocol 3
111 & 2049 | UDP; TCP | | SunRPC and NFS
119 | TCP;UDP | NNTP | Network News Transfer Protocol
135 | UDP;TCP | | NetBIOS related port
136 | UDP; TCP | | NetBIOS related port
137 | UDP; TCP | | NetBIOS Name Services
138 | UDP/TCP | | NetBIOS Datagrams
139 | UDP/TCP | | NetBIOS session services
router ports 137 138,139 | used by UDP at Internet routers; TCP | | ports 137, 138 and 139 should be blocked at the Internet router to close off external traffic. NetBIOS related port
143 | TCP/IP | IMAP |
161 | TCP/IP;UDP | SNMP | Simple Network Management Protocol
162 | UDP | SNMP Trap | SNMP Trap - system management messages
199 | TCP;UDP  (UNIX) (recommended by CERT) | smux | SNMP Unix Multiplexer
220 | TCP;UDP | IMAP3 | Interactive Mail Access Protocol 3
443 | TCP/IP | HTTPS | secure Web applications
512 | TCP | | BSD unix "R" CMDS
513 | TCP | | BSD unix "R" CMDS
514 | TCP  UDP | | BSD unix "R" CMDS; UNIX systems provide a daemon, syslogd, that monitors UDP for incoming messages - the messages are processed depending on their priority and how syslogd is set to operate
515 | TCP | | lpd
520 | UDP | RIP | Routing Information Protocol
520 | TCP | EFS | Extended File Name Server process.
540 | TCP | uucpd | Daemon. Handles communications between BNU and TCP/IP
1433 | UDP | SQL | Assigned to MS SQL process
1993 | TCP;UDP   (recommended by CERT) | snmp-tcp-port | cisco SNMP TCP port
2000 | TCP; UDP | | openwindows
2049 & 111 | SunRPC and NFS | | SunRPC and NFS
6000+ | UDP; TCP | | X Windows

PMTU

MSS (Maximum Segment Size).

RFC1191   Path Maximum Transmission Unit.  A technique for dynamically discovering the maximum transmission unit (MTU) of an arbitrary internet path (using ICMP).

  • The Path MTU is the largest size that does not require fragmentation anywhere along the path from the source to the destination.

  • It is equal to the minimum of the MTUs of each hop in the path.

  • A host MUST never reduce its estimate of the Path MTU below 68 octets.

  • A host MUST not increase its estimate of the Path MTU in response to the contents of a Datagram Too Big message. A message purporting to announce an increase in the Path MTU might be a stale datagram that has been floating around in the Internet, a false packet injected as part of a denial-of-service attack, or the result of having multiple paths to the destination.
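The host rules above, combined with the requirement stated elsewhere on this page that a Destination Unreachable packet returns the IP header and eight bytes of the original datagram, give a host enough to screen Datagram Too Big messages before trusting them. The following is an added example, not code from RFC 1191 or from this page's sources; the class name PathMtu, the helper names, the sample addresses and the constructed messages are assumptions made for illustration.

```python
import socket
import struct

MIN_PMTU = 68  # floor from RFC 1191, as quoted in the entry above


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by ICMP."""
    data = bytes(data)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def quoted_datagram(src: str, dst: str) -> bytes:
    """Constructed sample: IP header plus 8 bytes of the original datagram."""
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000,
                            64, 6, 0,
                            socket.inet_aton(src), socket.inet_aton(dst))
    return ip_header + b"\x00" * 8


def build_too_big(next_hop_mtu: int, quoted: bytes) -> bytes:
    """Constructed sample: ICMP type 3 code 4 carrying a next-hop MTU."""
    body = struct.pack("!HH", 0, next_hop_mtu) + quoted
    csum = inet_checksum(struct.pack("!BBH", 3, 4, 0) + body)
    return struct.pack("!BBH", 3, 4, csum) + body


class PathMtu:
    """Path MTU estimate for one (local address, destination) pair."""

    def __init__(self, local_ip: str, dest_ip: str, first_hop_mtu: int = 1500):
        self.local = socket.inet_aton(local_ip)
        self.dest = socket.inet_aton(dest_ip)
        self.pmtu = first_hop_mtu

    def on_icmp(self, msg: bytes) -> str:
        """Apply one ICMP message to the estimate; return what was done."""
        if len(msg) < 8 + 20 + 8:
            return "ignored: too short to quote the original datagram"
        icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
        if (icmp_type, code) != (3, 4):
            return "ignored: not Datagram Too Big"
        if inet_checksum(msg) != 0:
            return "ignored: bad ICMP checksum"
        ihl = (msg[8] & 0x0F) * 4
        if ihl < 20 or len(msg) < 8 + ihl + 8:
            return "ignored: malformed quoted header"
        # The quoted header must describe a datagram this host sent on this path.
        if msg[20:24] != self.local or msg[24:28] != self.dest:
            return "ignored: quoted datagram is not from this path"
        if mtu == 0:
            # Older routers leave the field zero; that case is not handled here.
            return "ignored: no next-hop MTU reported"
        new = max(mtu, MIN_PMTU)        # never go below 68 octets
        if new >= self.pmtu:            # never increase on a Too Big message
            return "ignored: would not decrease the estimate"
        self.pmtu = new
        return "accepted"


if __name__ == "__main__":
    quoted = quoted_datagram("192.0.2.10", "198.51.100.7")
    path = PathMtu("192.0.2.10", "198.51.100.7")
    for claimed in (1400, 9000, 40):
        print(claimed, path.on_icmp(build_too_big(claimed, quoted)), path.pmtu)
```

The checksum and quoted-header checks only raise the bar for off-path forgeries; an on-path sender can still produce a message that passes them, which is why the floor and the no-increase rule are applied last and unconditionally.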

registry settings

see Windows Registry settings  the settings are used to manage TCP/IP protocols on a WIN based operating system

resolver

or name resolver - the piece of software that accesses DNS name servers on behalf of the network client.  These requests for service are called name queries or address requests.  Also known as an inverse DNS query.  In most cases the name resolver is built right into the TCP/IP stack for whatever operating system is in use.

reverse lookup

The file structure of reverse DNS lookups is classful.  File names that map host names for reverse lookups are usually called:   addr.in-addr.arpa.dns (in which addr is the network number for the domain in reverse order, without the trailing 0s). E.g., for lanu.com, IP 206.224.65.0, the filename would be 65.224.206.in-addr.arpa.dns. Such files are also called in-addr.arpa files, after the label that appears at the end of each reversed address in the files' PTR records. Note that other DNS implementations, primarily BIND, use a different naming convention, but all DNS require these files to operate no matter how they are named. (RFC 2317 - if you need to configure reverse lookup for a classless network)

RIP
v1 RFC1058
v2 RFC2453

Routing Information Protocol - interior gateway protocol to support internal routing.  Others are OSPF Open Shortest Path First.  RIP communications are UDP based, using UDP port number 520. v1 can contain information for up to 25 networks - it does not support non-default subnet masks.  v2 adds support for variable-length subnets. v2 is still commonly used, easy to set-up and manage.  For more complex networks, however the OSPF protocol fits much better.
RFC 1723: With the advent of OSPF and IS-IS, there are those who believe that RIP is obsolete.  While it is true that the newer IGP routing protocols are far superior to RIP, RIP does have some advantages.  Primarily, in a small network, RIP has very little overhead in terms of bandwidth used and configuration and management time.  RIP is also very easy to implement, especially in relation to the newer IGPs

RMON

Remote Monitoring p504 RFC1271  and RFC1513 for token ring;
RMON2 extends capabilities RFC2021 with further definition at RFC2819

router
see: ICMP  
SNMP
pathping

a system that forwards IP datagrams.   Routers  support groups of separate, interconnected networks.  Routers direct network traffic. Routers read the IP addresses in each incoming packet. Routers use that information to then send the packet out on its way toward the intended recipient. The creators of the TCP/IP protocol suite invented the concept of routers.
all-router multicast address:  224.0.0.1 SPF MULTICAST ADDRESS: 224.0.0.5  DR multicast address: 224.0.0.6 (p470)

Network troubleshooting often uses ICMP Destination Unreachable packets, which can indicate a configuration or service fault somewhere on the network. (ping)  The Destination Unreachable packet must return the IP header and eight bytes of the original datagram that triggered this response. E.g., a DNS query to a host that does not support DNS.   ICMP Router Discovery Messages RFC 1256

subnetting

Using bits borrowed from the host section of an IP address to extend and subdivide the address space that falls beneath the network portion of a range of IP addresses. Enables a system to distinguish between local and remote IP addresses. Uses network IDs.

Whenever you see an IP address that ends with zeros, it is a network ID.
The Internet Assigned Numbers Authority (IANA) is the ultimate source of all network IDs.
 

1.      Every TCP/IP computer uses the subnet mask to compare network IDs

2.      Every network has a subnet mask

        i.      Determined by the length of its network ID

        ii.     Everywhere there is a 1 in the subnet mask, you are looking at part of the network ID

        iii.    Everywhere there is a zero, you are looking at part of the host ID

3.      By placing a subnet mask on top of an IP address, a computer can tell which part of the IP address is the network ID and which part is the host ID

        i.      Can determine which IP address is local

        ii.     Can determine which IP address is remote

4.      Subnet masks are represented in dotted decimal just like IP addresses

Subnetting secrets

Start with the given subnet mask and move it to the right until you have the number of subnets you need

Never try to subnet without first converting to binary.  Forget the dots.

You can’t use all zeros or all ones in an IP address
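The mask rules in the numbered list and the "subnetting secrets" above can be followed bit by bit. The code below is an added example, not taken from this page's sources: it works on the 32-bit binary form, applies the mask to tell local from remote, moves the mask to the right until enough subnets exist, and lists each subnet's usable host range. The function names are assumptions, the network 206.224.65.0 is borrowed from the reverse lookup entry on this page, and the sample hosts are constructed.

```python
def to_int(dotted: str) -> int:
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """32 bits as one string: convert to binary and forget the dots."""
    return format(to_int(dotted), "032b")


def prefix_len(mask: str) -> int:
    """Number of 1 bits in the mask, i.e. the length of the network ID."""
    bits = to_binary(mask)
    if "01" in bits:
        raise ValueError("mask must be a run of 1s followed by a run of 0s")
    return bits.count("1")


def split(ip: str, mask: str):
    """Lay the mask over the address: (network ID, host ID)."""
    m = to_int(mask)
    return to_dotted(to_int(ip) & m), to_int(ip) & ~m & 0xFFFFFFFF


def is_local(my_ip: str, mask: str, other_ip: str) -> bool:
    """Same network ID under the mask means local; otherwise remote."""
    return split(my_ip, mask)[0] == split(other_ip, mask)[0]


def extend_mask(mask: str, subnets_needed: int) -> str:
    """Move the mask right until it yields at least subnets_needed subnets.

    Assumption: all 2**n subnets are counted; older classful practice also
    skipped the all-zeros and all-ones subnets.
    """
    borrowed = 0
    while 2 ** borrowed < subnets_needed:
        borrowed += 1
    new_len = prefix_len(mask) + borrowed
    if new_len > 30:
        raise ValueError("not enough host bits left for usable hosts")
    return to_dotted((0xFFFFFFFF << (32 - new_len)) & 0xFFFFFFFF)


def list_subnets(network: str, old_mask: str, new_mask: str):
    """(network ID, first host, last host, broadcast) for every subnet.

    The all-zeros host ID is the network ID and the all-ones host ID is the
    broadcast address, so neither is handed out to a host.
    """
    size = 1 << (32 - prefix_len(new_mask))
    count = 1 << (prefix_len(new_mask) - prefix_len(old_mask))
    base = to_int(network) & to_int(old_mask)
    rows = []
    for i in range(count):
        net = base + i * size
        rows.append((to_dotted(net), to_dotted(net + 1),
                     to_dotted(net + size - 2), to_dotted(net + size - 1)))
    return rows


if __name__ == "__main__":
    new_mask = extend_mask("255.255.255.0", 6)
    print("mask:", new_mask, to_binary(new_mask))
    for row in list_subnets("206.224.65.0", "255.255.255.0", new_mask):
        print(row)
    print(is_local("206.224.65.35", new_mask, "206.224.65.60"))  # same subnet
    print(is_local("206.224.65.35", new_mask, "206.224.65.70"))  # next subnet
```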

 

CLSM: (Constant-length subnet masks)  In CLSM, all the networks created will support only the same number of hosts.  The more common name, in a production environment, is “subnet”

VLSM: (variable-length subnet mask) for subnetting across a class boundary, it’s subnetting a subnet.  The protocol used by routers in these network environments must support extended network prefix information.
You would use VLSM if your subnets needed to support different numbers of network hosts.

supernet

It is the C class of network that you are most likely to supernet.  Class C networks are smaller and more plentiful than Class A and B networks.  Therefore, they are more available to be used, and, because of their size, often need to be combined in order to support larger networks.

supernet

 see Class C Network Address

superscope Win 2K and 2003 support the combining of multiple sets of IP address ranges in DHCP- this is a superscope.

SYN attack

SYN Flood Attack  an attack that sends multiple handshake establishment request packets (SYN) in an attempt to fill the connection queue and force the victim to refuse future valid requests.

TCP
[SOCKET - PORT - SMTP]
IP

TCP  Transmission Control Protocol   is a Transport layer component
TCP is  a connection-oriented protocol that guarantees delivery of the data. It is at  the Transport layer of the TCP/IP protocol suite.  It establishes a virtual network between two computers by setting up end-to-end connections, across all routers in the affected network.   To make a connection between two computers, the sender makes a connection request, which the receiver grants.  It waits for authorization to send data and then checks to make sure that it was delivered in its entirety.  TCP uses IP as the transport mechanism between the host computers
TCP Separates functions of its individual application programs by port number.  One computer’s NIC can keep track of several applications at once

TCP/IP is not a protocol in and unto itself. It is actually a stack of protocols that are designed to operate a particular service such as email, web browsing and file transfers. Each service with this protocol stack has a corresponding port number that is used between systems to establish the appropriate session(s) for that service.
 

  SOCKET  Each computer in a communications session creates a socket, each of which has an address (a port number).
  PORTS  The client and server work together to set up a temporary connection using  ports to transport data.  The ports form an end-to-end connection using TCP or the UDP (User Datagram Protocol)
        SMTP:  When a process, such as a  SMTP (Simple Mail Transport Protocol) gateway, is installed on a host computer, it monitors port 25 and retrieves any data sent to that port.
        UDP:  (User Datagram Protocol)  is a connectionless-oriented protocol that does not guarantee data delivery.

IP   (Internet Protocol)  see IPv6
IP is the transport protocol.  TCP uses IP to deliver the datagram across the network to the appropriate computer.

TCP/IP PROTOCOLS

 

 

SEE

TCP UTILITIES

NOTE:  Protocols in Green cells are  some of the primary protocols. All TCP/IP services such as SMTP, FTP, Telnet or HTTP use ports to transfer data between host computers.  The TCP/IP hosts create a virtual session and these sessions use the port numbers to pass the data between them.  TCP OPTION NUMBERS

ARP

command:
arp -a

Address Resolution  Protocol - ( -a Used to correlate a MAC address with an IP address.) Converts between numeric IP network addresses and MAC addresses on a specific cable segment (always used for the final step of packet delivery)
In order to map an IP address into a hardware address the computer uses the ARP protocol which broadcasts a request message that contains an IP address,  to which the target computer replies with both the original IP address and the hardware address. 
 Used to map a MAC address with a known IP address.
1)  For local networks, ARP requests are broadcasts, thus routers cannot forward ARP requests
2)  Sending system sends an ARP request to every node on the network
3)  Receiving system that claims that IP address sends back an ARP reply with its MAC address

BIND
(p306)

Berkeley Internet Name Domain - implementation of DNS developed in 1988 for UNIX, still popular for most UNIX  as well as for Win 2K and Win server 2003.

BGP

Border Gateway Protocol defines a widely used routing protocol that connects to common Internet Backbones or other routing domains within the Internet where multiple parties jointly share responsibility for managing traffic.

BOOTP

Bootstrap Protocol is the precursor to DHCP.  BOOTP permits network devices to obtain boot and configuration data across the network, instead of from a local drive, also does not change as may happen with DHCP.

EGPs Exterior Gateway Protocol - Routers use EGPs to connect ASs (autonomous systems), which are groups of routers under a single administrative authority.  BGP (Border Gateway Protocol) is an example of an EGP

FTP  
 port 21

File Transfer Protocol - port 21
FTP enables the transfer of text and binary files over a TCP connection. FTP allows files to be transferred according to a strict mechanism of ownership and access restrictions. It is one of the most commonly used protocols over the internet.

A TCP/IP service that runs on a host computer and allows files to be uploaded and downloaded.  The service monitors port 21 for incoming requests.  The client software opens a TCP session on port 21 with an FTP server.  Some of the more common FTP commands are GET, PUT, BINARY and ASCII.  FTP is also the protocol that UNIX hosts use to transfer files.

HTTP

 port 80

Hyper Text Transport Protocol - port 80  TCP:UDP A protocol used to transfer hypertext pages across the world wide web.  HTTP is the Web-browser-to-server protocol for the Internet.  It uses port 80 of the TCP protocol to form the connection.

ICMP
host probes often represent early stages of attack

Network troubleshooting often uses ICMP Destination Unreachable packets, which can indicate a configuration or service fault somewhere on the network. (ping)  The Destination Unreachable packet must return the IP header and eight bytes of the original datagram that triggered this response. E.g., a DNS query to a host that does not support DNS.

Internet Control Message Protocol (ICMP), documented in RFC 792, is a required protocol tightly integrated with IP. ICMP messages, delivered in IP packets, are used for out-of-band messages related to network operation or mis-operation. Of course, since ICMP uses IP, ICMP packet delivery is unreliable, so hosts can't count on receiving ICMP packets for any network problem.

Commonly used for testing and troubleshooting routers.  ICMP messages consist of a single packet.  They are connectionless.  They show how IP packets are doing between any two hosts. ping is one of its utilities.

  • Announce network errors, such as a host or entire portion of the network being unreachable, due to some type of failure. A TCP or UDP packet directed at a port number with no receiver attached is also reported via ICMP.
     

  • Announce network congestion. When a router begins buffering too many packets, due to an inability to transmit them as fast as they are being received, it will generate ICMP Source Quench messages. Directed at the sender, these messages should cause the rate of packet transmission to be slowed. Of course, generating too many Source Quench messages would cause even more network congestion, so they are used sparingly.
     

  • Assist Troubleshooting. ICMP supports an Echo function, which just sends a packet on a round-trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.
     

  • Announce Timeouts. If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements (not commonly used for security reasons) (p201).

ICMP  Packet Types 1
TYPE 8 and 0: Echo Reply and Echo Packets (p 187)
TYPE 3: Destination Unreachable Packets (p 188)
TYPE 4: Source Quench (p194)
TYPE 5: Redirect  (p195)
TYPE 9 and 10: Router Advertisement and Router Solicitation  (p196)
TYPE 11: Time Exceeded (p198)
TYPE 12: Parameter Problem (p199)
TYPE 13 or 14: Timestamp and Timestamp Reply (p199)
TYPE 15 or 16: Information Request and Information Reply (p200)
TYPE 17 or 18: Address Mask Request and Address Mask Reply (p200)
TYPE 30: Traceroute (not commonly used for security reasons) (p201)

IGPs Interior Gateway Protocols  - support internal routing.  RIP and OSPF are examples of IGPs.  See EGPs for exterior Gateway Protocols.

IP

Internet Protocol -  IP is the underlying protocol for all the other protocols in the TCP/IP protocol suite. IP defines the means to identify and reach a target computer on the network.

NNTP

port 119

Network News Transport Protocol - 
Used to carry USENET posting between News clients and USENET servers. 

OSPF

Open Shortest Path First defines a widely used link-state routing protocol for local or interior routing regions within local internetworks.

PDU

protocol data unit -  PDUs are often generically described as packets, irrespective  of the layer in the model addressed

PING

Packet Internetwork Groper checks accessibility and round-trip time between a specific sender and receiver pair of IP addresses. Ping is a basic diagnostic utility that allows network administrators to verify the connectivity of a remote computer by sending and receiving test ICMP (Internet Control Message Protocol) echo packets to it, and measuring its response time (in milliseconds).

POP3
port 110
TCP:UDP

  POST OFFICE PROTOCOL v3    A TCP/IP mail server protocol that delivers mail to clients on a TCP/IP network.    POP3 delivers mail only to a client.  POP3 is how Internet mail clients receive mail from Internet mail servers.

PPP  
 

Point-to-Point Protocol -   Protocol for creating a TCP/IP connection over both synchronous and asynchronous systems.  PPP provides connections for host to network or between two routers. It also has a security mechanism. PPP is well known as a protocol for connections over regular telephone lines using modems (see PPPoA below) on both ends. This protocol is widely used for connecting personal computers to the internet (see PPPoE, below).

PPPOA or PPPoA

Point-to-Point Protocol (PPP) over ATM - a network protocol for encapsulating PPP frames in ATM AAL5. It is used mainly with cable modem and DSL services

PPPoE

point-to-point protocol over Ethernet - a network protocol for encapsulating PPP frames in Ethernet frames.  It is used mainly with cable modem and DSL services.

PPP RFC number | Internet Engineering Task Force (IETF) Title
1549 | PPP in HDLC Framing
1552 | The PPP Internetwork Packet Exchange Control Protocol (IPXCP)
1334 | PPP Authentication Protocols
1332 | The PPP Internet Protocol Control Protocol (IPCP)
1661 | Link Control Protocol (LCP)
1990 | PPP Multilink Protocol
2125 | The PPP Bandwidth Allocation Protocol (BAP), The PPP Bandwidth Allocation Control Protocol (BACP)
2097 | The PPP NetBIOS Frames Control Protocol (NBFCP)
1962 | The PPP Compression Control Protocol (CCP)
1570 | PPP LCP Extensions
2284 | PPP Extensible Authentication Protocol (EAP)

RARP

Reverse Address Resolution Protocol converts a MAC layer address into a numeric IP address

RIP

Routing Information Protocol , UDP based. Defines the original and most basic routing protocol for local routing regions within local networks.

S-HTTP

  SECURE HTTP

SLIP  
 

Serial Line Internet Protocol
A point-to-point protocol to use over a serial connection, a predecessor of PPP. There is also an advanced version of this protocol known as CSLIP (compressed serial line internet protocol) which reduces overhead on a SLIP connection by sending just header information when possible, thus increasing packet throughput.

  • Serial Line Internet Protocol (SLIP) is an older remote access standard typically used by UNIX remote access servers

  • You cannot configure a computer running Windows 2000 as a SLIP server. Only Windows 2000 clients that connect to other SLIP servers are supported.

  • You must use the TCP/IP protocol and a serial COM port to connect to a SLIP server.

  • The RFCs supported in Windows 2000 remote access are:  

    • RFC 1144, "Compressing TCP/IP Headers for Low-Speed Serial Links"

    • RFC 1055, "A Nonstandard for Transmission of IP Datagrams Over Serial Lines: SLIP"

SMTP

 port 25
TCP:UDP

 

Simple Mail Transfer Protocol - CERT definition FAQ
This protocol is dedicated for  sending EMail messages originated on a local host,  over a TCP connection, to a remote server. SMTP defines a set of rules which allows two programs to send  and receive mail over the network. The protocol defines the data structure that would be delivered with information regarding the sender, the recipient (or several recipients) and, of course, the mail's body.

 SMTP is used to transfer mail between internet mail servers.
  The main protocol used to send electronic mail on the Internet. Transfers mail between mail servers on a TCP/IP network, LAN and Internet.  It can be set up as a mail relay server or a post office to which it delivers.  Using Telnet on port 25 and entering SMTP commands individually, you can record the results from the SMTP server and determine if there are any errors.

SNMP
see, MIB

p506

Simple Network Management Protocol -   SNMP is the primary protocol for managing your network.  A simple protocol that defines messages related to network management. Through the use of SNMP, network devices such as routers can be configured by any host on the LAN.

In newer Windows implementations, MOM (Microsoft Operations Manager) handles SNMP monitoring and alerts without introducing security problems, e.g., fixed loginname parameters of older systems. (there is also SMS)

A set of standards for communication with devices connected to a TCP/IP network.  A network management protocol that collects statistics from devices on TCP/IP networks.  The device loads an agent that collects information and forwards that information to a network management console. You can configure the device with specific threshold parameters.  When those thresholds are exceeded, an alert message is sent to the management console, which then creates a baseline for future reference.
 

The SNMP protocol operates at the application layer (layer 7) of the OSI model. It specified (in version 1) five core protocol data units (PDUs):

  1. GET REQUEST, used to retrieve a piece of management information.

  2. GETNEXT REQUEST, used iteratively to retrieve sequences of management information.

  3. GET RESPONSE

  4. SET, used to make a change to a managed subsystem.

  5. TRAP, used to report an alert or other asynchronous event about a managed subsystem. In SNMPv1, asynchronous event reports are called traps while they are called notifications in later versions of SNMP. In SMIv1 MIB modules, traps are defined using the TRAP-TYPE macro; in SMIv2 MIB modules, traps are defined using the NOTIFICATION-TYPE macro.

Other PDUs were added in later versions, including:

  1. GETBULK REQUEST, a faster iterator used to retrieve sequences of management information.

  2. INFORM, an acknowledged trap.

Typically, SNMP uses UDP ports 161 for the agent and 162 for the manager. The Manager may send Requests from any available port (source port) to port 161 in the agent (destination port). The agent response will be given back to the source port. And the Manager will receive traps on port 162. The agent may generate trap from any available port.
http://en.wikipedia.org/wiki/Snmp

SSL

SECURE SOCKETS LAYER

TCP

ports 21 23 25 80 110 110 220

Transmission  Control  Protocol - port 80 the maximum segment size is 65,495 bytes
Like UDP, a protocol that enables a computer to send data to a remote computer. Unlike UDP, TCP is reliable, i.e. packets are guaranteed to wind up at their target, in the correct order.

TCP   is a Transport layer component - TCP is  a connection-oriented protocol that guarantees delivery of the data. It is at  the Transport layer of the TCP/IP protocol suite.  It establishes a virtual network between two computers by setting up end-to-end connections, across all routers in the affected network.   To make a connection between two computers, the sender makes a connection request, which the receiver grants.  It waits for authorization to send data and then checks to make sure that it was delivered in its entirety.  TCP uses IP as the transport mechanism between the host computers

TFTP

Trivial File Transfer Protocol  A connectionless oriented protocol used to transfer files, e.g. BOOTP/TFTP is useful for JetDirect print server configuration.

Telnet  
 port 23

Telnet is a terminal emulation protocol, defined in RFC854, for use over a TCP connection. It enables users to login to remote hosts and use their resources from the local host. Novell and Win NT do not support port 23 connections for terminal emulation

UDP

ports 15  21 23 24  53  69  80  100 119  137  138  220

User Datagram Protocol - port 15 a connectionless transport layer protocol, best-effort delivery (p218).  It is the only connectionless TCP/IP protocol at the Transport layer.
A simple protocol that transfers datagram (packets of data) to a remote computer. UDP doesn't guarantee that packets will be received in the same order they were sent. In fact it doesn't guarantee delivery at all.

UDP   port 137  is a Transport layer component
Normally handles system maintenance tasks in the background of a network’s operations.  Provides unreliable data delivery service in the TCP/IP protocol stack.  It is a connectionless-oriented direct interface between applications and the IP protocol in the Network layer of the OSI stack.  Commonly used in audio and video applications.  Packets don't have error detection or correction.

The UDP header's main function is to define the process or application that is using the IP and UDP Network and Transport layers.  UDP Layer is only 8 bytes long.  It contains only four fields: Source and Destination port numbers, Length and Checksum.

TDI

Transport Driver Interface  The Windows Transport Data interface (TDI) is sometimes referred to as the "native" Windows NT networking interface. It is a kernel-mode interface between two types of device drivers

TLD

Top Level Domain name - new TLDs  DNS Country Codes

TCP/IP UTILITIES

arp    command line|  arp -a used to view ARP table contents on Windows based computers.

IPCONFIG
  and IPCONFIG /All  ipconfig /release   ipconfig /renew
IPCONFIG displays the TCP/IP settings of a WIN NT computer.  IPCONFIG/ALL displays the IP address, subnet mask, default gateway, WINS and DNS configurations.  You can also release an IP address from a DHCP server using this command.

winipconfig
A graphical representation of all the TCP/IP configurations in a Windows 95/98/ME workstation.  For troubleshooting TCP/IP problems to include DHCP, WINS and DNS problems.

nbstat
Powerful for troubleshooting NetBIOS problems.  Command removes or corrects preloaded NetBIOS entries

nbtstat
returns statistics on NetBIOS, using NetBT if TCP/IP is installed on the machine from which it is run  -n  = list of all local NetBIOS names;  -s  = list of names resolved by broadcast and WINS and includes a summary count of name resolutions/registrations;  -s  = NetBIOS sessions table, showing open sessions with their destination IP address.  The "S" does the same, but attempts to resolve the remote host name using the HOSTS file.
 


nslookup Used to query a Domain Name Service server. Usually access is privileged for security reasons.   nslookup domainname [nameserver]  (In Win, the configuration is located in the TCP/IP properties window, available through Start, Control Panel, Network Connections)

PING
  Packet Internet Groper
PING is a utility that sends an ICMP echo request message to a host on a TCP/IP network to test network connectivity.  It waits for a response from the remote host and registers the time it takes to respond.  To stop a looping ping use either ctrl+c or delete command.
ICMP Internet Control Message Protocol
pathping  - (post Win 2k) utility that uses ICMP Echo packets to test router and link latency, including packet loss along a path to a host. pathping uses a combination of tracert and ping to first determine the path to a specified host, and then test the round trip to the host.  It tests  packet loss to the destination and each router along the way.

ping localhost

telnet  port 23

1.  Telnet provides a terminal emulation window through which you can access remote routers and Unix systems on a TCP/IP network.
2.  Telnet is used to modify router commands and run host applications in Unix systems.
3.  Windows NT and Novell do not support Telnet port 23 connections for terminal emulation.  Telnet connection on port 23 is used to connect to a host machine and run an application on the connected host once the security subsystem has authenticated the user.
4.  The Telnet utility can be set up to connect to a host with a port number other than 23 to troubleshoot problems.  With Telnet, using port 25 and entering SMTP commands individually you can record the results from the SMTP server and determine if there are any errors.
5.  Telnet is one of the mail utilities used to connect to ports on host computers to determine whether the port is working properly.


tracert [-d (do not resolve addresses to hostname)] [-h max number of hops to search for target] [ -j    -w ]  (invoked as tracert in the Windows environment - traceroute in others)
This utility traces the route of a packet between two locations and displays the router hops taken to get there.  It is a good tool to determine where a packet is stopping on its way to the TCP/IP destination.  You can also use it to determine which route is taken on a dual port router.  Tracert is a great utility to map the route that a packet takes through an intranet or the internet. Trace Route is used primarily to trace a route from a local computer to any other computer on the Internet. In other words, it determines how many hops there are between the local and target machine, and displays response time, name, and IP address of each intermediate hop

traceroute
traces the end-to end path through an internetwork. Traceroute alters the TTL value to find routers (not commonly used for security reasons) (p201).  tracert is used in the Windows environment.

VLSM:

 Variable Length Subnet Mask, see subnetting

watchdog process

Netware uses the watchdog process to maintain a connection between a NetWare host and server.  If the application cannot maintain a connection, the TCP keep-alive process may be responsible for maintaining the connection.  If implemented, only the server process initiates TCP keep-alives.

windows clustering

Win server 2003 allows 2 or more servers to be managed as a single system.  Clustering provides failover detection of an application or server and automatically transfers the server role to an alternative server.

WINS  p548
Windows Internet Name Service

Scope ID

In essence, WINS is Microsoft's imitation of DNS, repurposed for the NetBIOS namespace.
A LAN service.  WINS is a database that correlates IP addresses to NetBIOS computer names in a Windows-only networking environment.  A non-routable protocol that is best used on small LANs of less than 50 people.
The WINS address is a TCP/IP address that points to a WINS server that has the WINS database installed on it.  It is a configuration tab associated with the TCP/IP protocol.
WINS resolution is not required if the network is not using NetBios names.
     Scope ID:   is a WINS option that provides a way to isolate a group of computers that are permitted communication only with one another.  The Scope ID is a case-sensitive string value that is appended to the NetBIOS name and is used for all NetBIOS over TCP/IP communications from that computer.
The maximum requirements for setting up WINS on a Windows 9x workstation are: Enable WINS resolution and then enter a primary WINS server.  If you have a secondary WINS server, enter it also.

command line tools to configure WINS:    netsh> wins  Enter ? to display Help.

a collection of sources for this information
Microsoft Certified System Engineer, TCP/IP, Certification Insider Press, Ed Tittel, Kurt Hudson, and J Michael Stewart, 1998
Comptia Certified Network Technician, Network +, Certification Insider Press, Scott Reeves and Kalinda Reeves,  1999
Cisco Router Handbook, McGraw Hill, George C Sackett, 1999
Mastering Windows NT Server 4,  Sybex Network Press, Mark Minasi, Christa Anderson, Elizabeth Creegan,  1996
Cisco Certified Network Associate (CCNA) Basics 1.0, Cisco Systems, 2000 (CD)
www.vonage.com

1 Guide to TCP/IP, Second Edition, Laura A Chappell, Ed Tittel, Thompson Course Technology 0-619-21242-X


and the list goes on...
