Linux Networking

The client selects an unused 'source' port above 1024 (on current Linux kernels the default ephemeral range is 32768 to 60999) and queries the server on the 'destination' port assigned to the application. For an HTTP request the client might use a source port of, say, 1095 and query the server on port 80 (HTTP). The server's kernel delivers the segment to whatever process is listening on port 80, normally the web server software, which handles the request.

What Is TCP/IP?

  • TCP/IP is a universal standard suite of protocols used to provide connectivity between networked devices.

  • It is usually explained against the layered OSI reference model, but TCP/IP predates OSI and has its own four-layer model. One component of TCP/IP is the Internet Protocol (IP), which is responsible for addressing packets and routing them between two addresses. IP itself is best effort: it only checksums its own header, so protecting the payload against corruption and loss is left to the transport protocol or the application.

  • For manageability, the data is usually split into multiple pieces or packets each with its own error detection bytes in the control section or header of the packet.

  • The remote computer then receives the packets and reassembles the data and checks for errors. It then passes the data to the program that expects to receive it.

  • The two most popular transportation mechanisms used on the Internet are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

What is TCP?

  • TCP opens up a connection between client and server programs running on separate computers so that multiple and/or sporadic streams of data can be sent over an indefinite period of time.

  • TCP keeps track of the data sent by numbering every byte: each segment carries the sequence number of its first byte, and the remote end sends back acknowledgements confirming how much has arrived in order.

  • Programs that use TCP therefore have a means of detecting connection failures, and TCP itself retransmits segments that go unacknowledged. TCP is a good example of a connection oriented protocol.

What is UDP?

UDP is a connectionless protocol. Data is sent on a best effort basis, with the machine that sends the data having no transport-level means of verifying whether the data was correctly received by the remote machine (the UDP checksum can catch corruption, but nothing reports loss). UDP is usually used for applications in which the data sent is not mission critical, such as DNS lookups or audio and video streams, where a late retransmission would be useless anyway. It is also used when data needs to be broadcast to all available servers on a locally attached network. Because there is no handshake, the source address of a UDP packet is trivially forged, which is why UDP services are the usual vehicle for spoofed and amplified traffic.

What are TCP / UDP Ports?

  • The source/destination port combination defines the program on the computer that sent/received the data.

  • You could look at it as the combination of source address, source port, destination address and destination port forming a connection ID. Certain programs are assigned specific ports that are internationally recognized (the IANA port registry).

  • For example, port 80, is reserved for HTTP web traffic and port 25 is reserved for SMTP email.

  • Ports below 1024 are the 'well-known' ports reserved for system services; on Linux only root, or a process holding the CAP_NET_BIND_SERVICE capability, may listen on them. Ports from 1024 upwards are used by non-system third party applications and for the ephemeral source ports that clients pick.

  • Usually a connection is made from a client computer requesting data to the server machine that holds the data: the client picks an unused high-numbered source port, and the destination port is the well-known port of the service it wants.
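To see the source/destination ports and the four-value connection ID on a real connection, here is an added example (not code from the original page) that opens a TCP connection to itself over the loopback interface on Linux and reports what each side sees. It assumes a Linux host with /proc available; the ephemeral port range and the privileged-port behaviour are read from the running kernel rather than hard-coded.

```python
import socket
import threading


def ephemeral_port_range():
    """Return (low, high) of the source ports this Linux kernel hands to clients.

    Falls back to the IANA dynamic range if /proc is not available.
    """
    try:
        with open("/proc/sys/net/ipv4/ip_local_port_range") as f:
            low, high = f.read().split()
            return int(low), int(high)
    except OSError:
        return 49152, 65535


def connection_tuples():
    """Open one TCP connection over loopback and return the 4-tuple as seen
    by each side: ((client local, client peer), (server local, server peer)).

    The server binds port 0 so the kernel picks an unused listening port;
    the client never chooses its source port at all.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(5)
    listen_port = srv.getsockname()[1]

    server_view = {}

    def serve():
        conn, _ = srv.accept()
        # The accepted socket carries the full 4-tuple identifying this connection.
        server_view["local"] = conn.getsockname()
        server_view["peer"] = conn.getpeername()
        conn.close()

    t = threading.Thread(target=serve)
    t.start()

    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(5)
    cli.connect(("127.0.0.1", listen_port))
    client_view = (cli.getsockname(), cli.getpeername())
    t.join(5)
    cli.close()
    srv.close()
    return client_view, (server_view["local"], server_view["peer"])


def bind_result(port):
    """Try to bind a port and report what the kernel says.

    Below 1024 a non-root process without CAP_NET_BIND_SERVICE gets
    'permission-denied'; 'in-use' means another process already has the port.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("127.0.0.1", port))
        return "bound"
    except PermissionError:
        return "permission-denied"
    except OSError:
        return "in-use"
    finally:
        s.close()


if __name__ == "__main__":
    low, high = ephemeral_port_range()
    (c_local, c_peer), (s_local, s_peer) = connection_tuples()
    print(f"ephemeral source ports on this kernel: {low}-{high}")
    print(f"client side : {c_local} -> {c_peer}")
    print(f"server side : {s_local} <- {s_peer}")
    print(f"bind to 80  : {bind_result(80)}")
```

Run as an ordinary user and the bind to port 80 reports permission-denied; as root it reports bound, or in-use if a web server is already listening there. The client's source port falls in the range printed on the first line, and the server's view of the connection is the client's view with the two ends swapped.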

What is a TTL?

  • Each IP packet has a Time to Live (TTL) field that limits the number of routers the packet may pass through on its way to its destination.

  • The host sending the packet sets the initial TTL (Linux defaults to 64) and each router that the packet passes through then reduces this value by 1.

  • If the TTL value reaches 0, the router discards the packet and normally sends an ICMP Time Exceeded message back to the sender; traceroute deliberately sends packets with TTLs of 1, 2, 3 and so on and uses those replies to list the routers on the path.

  • This mechanism helps to ensure that bad routing on the Internet won't cause packets to aimlessly loop around the network.

  • TTLs help to reduce the clogging of data circuits with unnecessary traffic.

What is ICMP?

  • There is another commonly used protocol called the Internet Control Message Protocol (ICMP).

  • It is carried inside IP packets, like TCP and UDP, but it is part of the IP layer itself rather than a transport protocol, and TCP/IP based applications depend on it. ICMP provides a suite of error, control, and informational messages for use by the operating system.

  • For example, a packet may arrive with a corrupted header, be addressed to a host or port that nobody answers for, or have its TTL run out somewhere in transit.

  • A packet that fails its header checksum is silently discarded; the sender finds out only because its acknowledgement never arrives, and retransmission is TCP's job, not ICMP's.

  • In the other cases the router or host that could not deliver the packet sends an ICMP error, such as Destination Unreachable (type 3) or Time Exceeded (type 11), back to the original sender so that the sending program can report the failure instead of waiting for a timeout.

  • ICMP also includes echo request (type 8) and echo reply (type 0) messages used by the Linux ping command to confirm network connectivity, and traceroute is built on the Time Exceeded messages above. ICMP carries no authentication, so firewalls typically rate-limit it and accept error messages only when they relate to a connection they already know about.
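The following is an added simulation, not code from the page, of how TTL and ICMP interact and of what traceroute makes of them. It assumes a constructed three-router topology (R1, R2, R3) with a deliberate forwarding loop for one destination, and uses the documentation addresses 198.51.100.5, 203.0.113.9 and 192.0.2.77; the ICMP types and codes are the real ones from RFC 792, everything else is invented for illustration.

```python
# Constructed topology: each router's next-hop table, keyed by destination address.
# A "default" entry is the router's default route; "deliver" means the destination
# is directly attached. R2 and R3 are deliberately misconfigured so that
# 203.0.113.9 loops between them.
ROUTERS = {
    "R1": {"198.51.100.5": "R2", "203.0.113.9": "R2", "default": "R2"},
    "R2": {"198.51.100.5": "R3", "203.0.113.9": "R3"},
    "R3": {"198.51.100.5": "deliver", "203.0.113.9": "R2"},
}

ICMP_TIME_EXCEEDED = (11, 0)      # type 11, code 0: TTL expired in transit
ICMP_NET_UNREACHABLE = (3, 0)     # type 3, code 0: no route to the network


def forward(src, dst, ttl, first_hop="R1", routers=ROUTERS):
    """Push one packet through the routers until it is delivered or discarded.

    Returns a dict with "result" ("delivered", "time-exceeded" or "unreachable"),
    the list of hops the packet visited and, for errors, the ICMP message the
    discarding router sends back to the original source address.
    """
    hop, path = first_hop, []
    while True:
        path.append(hop)
        ttl -= 1                                   # every router decrements before forwarding
        if ttl == 0:                               # expired: discard and tell the sender
            return {"result": "time-exceeded", "from": hop, "path": path,
                    "icmp": {"type_code": ICMP_TIME_EXCEEDED, "to": src}}
        table = routers[hop]
        nxt = table.get(dst, table.get("default"))
        if nxt is None:                            # no route at all: a different ICMP error
            return {"result": "unreachable", "from": hop, "path": path,
                    "icmp": {"type_code": ICMP_NET_UNREACHABLE, "to": src}}
        if nxt == "deliver":                       # the receiving host does not decrement TTL
            return {"result": "delivered", "from": dst, "path": path + [dst], "ttl_left": ttl}
        hop = nxt


def traceroute(src, dst, max_hops=30):
    """Reproduce what traceroute does: send with TTL 1, 2, 3, ... and record who
    answered with Time Exceeded, stopping when the destination itself answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        r = forward(src, dst, ttl)
        hops.append(r["from"])
        if r["result"] in ("delivered", "unreachable"):
            break
    return hops


if __name__ == "__main__":
    me = "192.168.1.25"
    print(forward(me, "198.51.100.5", 64))   # delivered via R1, R2, R3 with 61 TTL left
    print(forward(me, "203.0.113.9", 64))    # bounces between R2 and R3 until TTL hits 0
    print(traceroute(me, "198.51.100.5"))    # the routers on the path, then the host
    print(traceroute(me, "203.0.113.9"))     # R2, R3, R2, R3 ... the loop is visible
```

Without the TTL the looping packet would circulate forever; with it, the packet dies after 64 hops and the sender receives a Time Exceeded message naming the router that dropped it, and a traceroute against that destination shows the same two routers alternating, which is how routing loops are usually spotted in practice.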

What Do IP Addresses Look Like?

  • All devices connected to the Internet have an Internet Protocol (IP) address. Just like a telephone number, it uniquely identifies a host on the network.

  • IP addresses are in reality a string of binary digits or bits. Each bit is either a 1 or a 0. IPv4 addresses, the kind described here, have 32 bits in total (IPv6 addresses have 128).

  • For ease of use, IP addresses are written in what is called dotted decimal format: four numbers with dots in between. None of the numbers between the dots may be greater than 255. An example of an IP address would be 97.65.25.12.

  • The numbers between the dots are frequently referred to as octets, each one being eight bits.

  • Some groups of IP addresses are reserved for use only in private networks and are not routed over the Internet.

Private IP Addresses

10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

These are the three blocks set aside by RFC 1918. Home networking equipment is usually configured at the factory with an IP address in the range 192.168.1.1 to 192.168.1.254 (the 192.168.1.0/24 network), typically 192.168.1.1 for the router itself.

What Is Localhost?

Whether or not your computer has a network interface card, it has a loopback interface with a built-in IP address through which network-aware applications on the same machine can communicate with one another. This address is 127.0.0.1 (the whole 127.0.0.0/8 block is loopback) and is frequently referred to as localhost. Traffic to it never leaves the machine, so a service that listens only on 127.0.0.1 cannot be reached from the network at all, which is why databases and management daemons are often bound there.

What Is A Subnet Mask?

Subnet masks are used to tell which part of an IP address identifies the network the computer is connected to (the network portion) and which part identifies the computer itself on that network (the host portion).

A simple analogy would be a phone number, such as (808) 225-2468. The (808) represents the area code, the 225-2468 represents the telephone within that area code. Subnet masks allow you to specify how long you want the area code to be (network portion) at the expense of the number of telephones in that area code (host portion).

Most home networks use a subnet mask of 255.255.255.0. Each 255 octet is all ones in binary, marking that octet as part of the area code (network portion); the trailing 0 marks the host portion. So if your server has an IP address of 192.168.1.25 and a subnet mask of 255.255.255.0, then the network portion would be 192.168.1 and the server or host would be device #25 on that network. The same mask is written as /24 in prefix notation, counting the one bits.

In this example, host #0 (192.168.1.0) is reserved to represent the network itself, and host #255 (192.168.1.255) is reserved for broadcast traffic intended to reach all hosts on the network at the same time.

You can then use IP addresses from #1 to #254 on your private network. If you purchased a DSL service from your Internet service provider (ISP) that gives you fixed IP addresses, then they will most likely provide you with a subnet mask of 255.255.255.248 (a /29), which defines a block of 8 IP addresses: one is the network address, one is the broadcast address, and of the 6 usable addresses the ISP's router normally takes one.
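An added worked example (not from the page) that does the mask arithmetic above with Python's standard ipaddress module, for the 192.168.1.25 / 255.255.255.0 home case and for an ISP block with mask 255.255.255.248. The address 203.0.113.10 used for the ISP case is a documentation address chosen for the example.

```python
import ipaddress

# The three RFC 1918 blocks from the list above.
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(address):
    """True only for the three private ranges; narrower than Python's
    IPv4Address.is_private, which also counts loopback, link-local and
    documentation ranges."""
    return any(ipaddress.IPv4Address(address) in net for net in RFC1918)


def describe(address, mask):
    """Split an address into its network and host portions using a dotted mask."""
    iface = ipaddress.IPv4Interface(f"{address}/{mask}")
    net = iface.network
    return {
        "network": str(net.network_address),          # host #0, the network itself
        "broadcast": str(net.broadcast_address),      # all-ones host, every host listens
        "prefix_length": net.prefixlen,               # the "/24" form of the same mask
        "host_number": int(iface.ip) - int(net.network_address),
        "total_addresses": net.num_addresses,
        "usable_hosts": max(net.num_addresses - 2, 0),  # minus network and broadcast
        "rfc1918_private": is_rfc1918(address),
    }


def same_network(a, b, mask):
    """Does host a send to b directly (same subnet) or hand it to its router?"""
    net_a = ipaddress.IPv4Interface(f"{a}/{mask}").network
    net_b = ipaddress.IPv4Interface(f"{b}/{mask}").network
    return net_a == net_b


if __name__ == "__main__":
    print(describe("192.168.1.25", "255.255.255.0"))    # home /24: 254 usable hosts
    print(describe("203.0.113.10", "255.255.255.248"))  # ISP /29: 8 addresses, 6 usable
    print(same_network("192.168.1.25", "192.168.2.30", "255.255.255.0"))
```

Python's own is_private property is wider than RFC 1918 (it also counts loopback, link-local and documentation ranges), so the example keeps its own list when the question is specifically whether an address belongs to one of the three blocks above; an address such as 172.32.0.1 sits just outside the 172.16.0.0/12 block and is public.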

What Is Duplex?

  • Duplex refers to the ability of a device to transmit and receive data at the same time.

  • Full duplex uses separate pairs of wires for transmitting and receiving data so that incoming data flows don’t interfere with outgoing data flows.

  • Half duplex uses the same pairs of wires for transmitting and receiving data. Devices that want to transmit information have to wait their turn until the coast is clear at which point they send the data.

  • Error detection and retransmission mechanisms ensure that data reaches the destination correctly even if it was originally garbled by multiple devices starting to transmit at the same time (a collision).

  • Data transfer speeds will be low and error levels will be high if you have a device at one end of a cable set to full duplex and the device at the other end set to half duplex, a condition known as a duplex mismatch.

  • Most modern network cards can auto-negotiate duplex with the device on the other end of the wire. It is for this reason that duplex settings aren't usually a problem for Linux servers; when they are, ethtool shows the negotiated speed and duplex of an interface.

What Is A Route?

  • In the broader networking sense, a route refers to the path data takes to traverse from its source to its destination.

  • Usually when we speak about a route on a Linux box, we are referring to the IP address of the first hop (the gateway) needed to reach the desired destination network. When several routes cover a destination, the most specific one (the longest prefix) wins, and the default route is used only when nothing else matches.

  • It is assumed that this first hop will know how to relay the packet onward.

  • Routers are designed to exchange routing information dynamically, and can therefore intelligently redirect traffic to bypass failed network links.

  • Home Linux boxes frequently don't run a dynamic routing protocol and therefore rely on static routes entered by the system administrator at the command line (ip route) or in configuration files to determine the next hop to all desired networks.

What Is A NIC?

Your network interface card is frequently called a NIC. Currently, the most common types of NIC used in the home are Ethernet and wireless (Wi-Fi) cards.

What Is A MAC Address?

The media access control (MAC) address can be equated to the serial number of the NIC: a 48-bit hardware address assigned by the manufacturer, although most operating systems let you override it in software. Every IP packet is sent out of your NIC wrapped inside an Ethernet frame which uses MAC addresses to direct traffic on your locally attached network. MAC addresses therefore only have significance on the locally attached network.

As the packet hops across the Internet, its source/destination IP addresses stay the same, but each router strips the incoming frame and builds a new one, with its own MAC address as the source and the next hop's MAC address, learned using a process called ARP, as the destination.

What Is ARP?

  • The Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses on the locally attached network. When a server needs to communicate with another server it does the following:

  • The server first checks its routing table to see whether the destination is on the locally attached network or, if not, which router provides the next hop to the destination network.

  • If the next hop is a router, let's say with an IP address of 192.168.1.1, the server checks its ARP table (ip neigh show) to see whether it already has the MAC address of the router's NIC.

  • If there is an ARP entry, the server hands the IP packet to its NIC and tells the NIC to encapsulate the packet in a frame addressed to the MAC address of the router.

  • If there is no ARP entry, the server broadcasts an ARP request asking that 192.168.1.1 respond with its MAC address so that the delivery can be made, and caches the reply for a few minutes. Nothing authenticates that reply: any host on the segment can answer, or send unsolicited replies, and claim to be the router, which is the basis of ARP spoofing. Static ARP entries or dynamic ARP inspection on the switch are the usual defences.
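Putting the route lookup and the ARP steps together, here is an added example, not the page's code, that models what the kernel does for one outgoing packet. The routing table, ARP cache and the hosts on the segment are all constructed values: 192.168.1.1 as the default gateway, a second router 192.168.1.254 reached through a static route, and made-up MAC addresses.

```python
import ipaddress

# Constructed host configuration (assumed values, not from the page).
# Routing table: (destination network, gateway or None when directly attached, interface)
ROUTES = [
    ("192.168.1.0/24", None, "eth0"),            # the locally attached network
    ("10.20.0.0/16", "192.168.1.254", "eth0"),   # a static route via a second router
    ("0.0.0.0/0", "192.168.1.1", "eth0"),        # default route: everything else
]

# Hosts on the segment that would answer an ARP request: IP -> MAC (constructed)
SEGMENT = {
    "192.168.1.1": "52:54:00:12:34:56",
    "192.168.1.30": "52:54:00:ab:cd:ef",
    "192.168.1.254": "52:54:00:00:00:fe",
}
MY_MAC = "52:54:00:11:22:33"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def lookup_route(dst, routes=ROUTES):
    """Longest-prefix match: the most specific matching route wins, so the
    default route (/0) is used only when nothing else covers the destination.
    Returns (next-hop IP to ARP for, interface, matching network)."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for net, gateway, iface in routes:
        network = ipaddress.IPv4Network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    network, gateway, iface = best
    # On-link destinations are ARPed for directly; otherwise we ARP for the router.
    return (gateway or dst, iface, str(network))


def resolve_mac(ip, arp_cache, segment=SEGMENT):
    """Return (mac, how): from the ARP cache, or by broadcasting a request.

    The request is a broadcast frame ("who has ip? tell me") and whatever
    answers is believed and cached; nothing authenticates the reply.
    """
    if ip in arp_cache:
        return arp_cache[ip], "cache"
    request = {"dst_mac": BROADCAST, "src_mac": MY_MAC, "who_has": ip}
    reply = segment.get(request["who_has"])
    if reply is None:
        return None, "no-reply"        # the kernel reports "Destination Host Unreachable"
    arp_cache[ip] = reply
    return reply, "arp-request"


def build_frame(dst_ip, arp_cache):
    """Do what the kernel does for an outgoing packet: route, resolve, encapsulate."""
    next_hop, iface, route = lookup_route(dst_ip)
    mac, how = resolve_mac(next_hop, arp_cache)
    if mac is None:
        return None
    return {"iface": iface, "route": route, "next_hop": next_hop, "resolved_via": how,
            "dst_mac": mac, "src_mac": MY_MAC, "ip_dst": dst_ip}


if __name__ == "__main__":
    cache = {"192.168.1.1": "52:54:00:12:34:56"}   # the router has already been resolved
    for target in ("8.8.8.8", "10.20.5.5", "192.168.1.30", "192.168.1.77"):
        print(target, build_frame(target, cache))
```

The frame's destination MAC is never the MAC of the final destination unless that host is on the same segment: for 8.8.8.8 it is the default router's, for 10.20.5.5 it is the second router's, and for 192.168.1.30 it is the host's own. The second lookup of the same next hop comes from the cache, which is exactly the entry an ARP spoofer aims to overwrite.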

What Is NAT?

  • Your router / firewall will frequently be configured so that, to other devices on the Internet, traffic from the servers on your home network appears to come from the router's valid public IP address rather than from their private IP addresses.

  • This is called network address translation (NAT) and is often also called IP masquerading in the Linux world.

  • There are many good reasons for this; the two most commonly stated are: first, no one on the Internet learns your hosts' true IP addresses, because every outbound connection is rewritten to the router's public address and a port of the router's choosing.

  • Second, NAT lets your home PCs keep addresses from private IP address space that cannot be routed over the Internet.

  • This prevents attackers from directly addressing your home systems, since packets sent to a private IP will never pass over the Internet, and inbound packets that match no existing translation entry are simply dropped by the router. That is a side effect of translation rather than a firewall policy: any port the router is told to forward, whether by the administrator or by a LAN device using UPnP, is exposed exactly as if that host had a public address.
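An added example (not from the page) of the translation table behind NAT, modelled on how a Linux masquerading router behaves. It assumes a constructed public address 198.51.100.1 for the router, the private host 192.168.1.25, a remote web server 203.0.113.5 and a scanner at 203.0.113.99; port numbers such as 40000 are just the starting value the example picks.

```python
import itertools


class Nat:
    """Source NAT (IP masquerading) as a Linux router does it, in miniature.

    Outbound packets get their private source address and port rewritten to the
    router's public address and a fresh public port; the mapping is remembered so
    the reply can be rewritten back. Inbound packets that match no mapping are
    dropped, which is the "protection" NAT gives, and port forwarding punches
    through it on purpose.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = itertools.count(first_port)
        self.by_public_port = {}   # public port -> (priv ip, priv port, remote ip, remote port)
        self.by_flow = {}          # (priv ip, priv port, remote ip, remote port) -> public port
        self.forwards = {}         # public port -> (priv ip, priv port), set by the admin

    def outbound(self, pkt):
        """Packet from the LAN heading to the Internet: rewrite src and remember it."""
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if flow not in self.by_flow:
            pub_port = next(self.next_port)
            self.by_flow[flow] = pub_port
            self.by_public_port[pub_port] = flow
        return {**pkt, "src": self.public_ip, "sport": self.by_flow[flow]}

    def inbound(self, pkt):
        """Packet from the Internet to the public address: translate or drop (None)."""
        if pkt["dst"] != self.public_ip:
            return None
        if pkt["dport"] in self.forwards:                 # explicit port forward
            priv_ip, priv_port = self.forwards[pkt["dport"]]
            return {**pkt, "dst": priv_ip, "dport": priv_port}
        flow = self.by_public_port.get(pkt["dport"])
        # Only the remote endpoint the LAN host talked to may use this mapping;
        # an unsolicited packet from anywhere else has no state and is dropped.
        if flow is None or (flow[2], flow[3]) != (pkt["src"], pkt["sport"]):
            return None
        return {**pkt, "dst": flow[0], "dport": flow[1]}

    def add_forward(self, public_port, priv_ip, priv_port):
        """What a 'port forwarding' rule or a UPnP request from a LAN device does."""
        self.forwards[public_port] = (priv_ip, priv_port)


if __name__ == "__main__":
    nat = Nat("198.51.100.1")
    web = {"src": "192.168.1.25", "sport": 1095, "dst": "203.0.113.5", "dport": 80}
    print(nat.outbound(web))                                      # src becomes 198.51.100.1:40000
    print(nat.inbound({"src": "203.0.113.5", "sport": 80,
                       "dst": "198.51.100.1", "dport": 40000}))   # back to 192.168.1.25:1095
    print(nat.inbound({"src": "203.0.113.99", "sport": 4444,
                       "dst": "198.51.100.1", "dport": 22}))      # None: no state, dropped
    nat.add_forward(2222, "192.168.1.25", 22)
    print(nat.inbound({"src": "203.0.113.99", "sport": 4444,
                       "dst": "198.51.100.1", "dport": 2222}))    # forwarded to the LAN host
```

The scanner's probe to port 22 goes nowhere because no LAN host started a conversation with it, not because anything inspected it; the moment port 2222 is forwarded, the same scanner reaches the private host's SSH port directly. The endpoint check in inbound is what a strict (symmetric) NAT does; many home routers accept any source for a mapped port, which is why NAT traversal for peer-to-peer applications works at all.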

Telnet Server

Telnet is a program that allows users to log into your server and get a command prompt just as if they were logged in at the console. Older Red Hat Linux releases installed and enabled it by default; current distributions do not install a Telnet server unless you ask for one.

One of the disadvantages of Telnet is that the data is sent as clear text. This means that anyone who can capture your packets, on the same network segment or anywhere along the path, can use a network analyzer to read your username and password, and everything you type after logging in.

A more secure method for remote logins is Secure Shell (SSH), which encrypts the whole session, authentication included, and lets the client check the server's host key so that it is not talking to an impostor. The command to do remote logins via telnet from the command line is simple.
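The following added example, not code from the page, shows both what the TCP section above describes (reassembling one direction of a stream from sequence-numbered segments, discarding a retransmitted duplicate and noticing a missing one) and what a network analyzer sees on a Telnet login. The captured segments, their sequence numbers, the username alice and the password are all constructed for the example; the Telnet IAC handling follows RFC 854.

```python
IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254


def reassemble(segments, isn):
    """Rebuild one direction of a TCP stream from captured (seq, payload) pairs.

    Segments may arrive out of order or twice (retransmissions); the sequence
    numbers say where each one belongs. Returns (data, complete): complete is
    False when a hole remains, i.e. a segment is missing and the receiver would
    still be waiting for the sender to retransmit it.
    """
    data, expected = bytearray(), isn
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        end = seq + len(payload)
        if end <= expected:
            continue                          # pure duplicate: already have these bytes
        if seq > expected:
            return bytes(data), False         # hole before this segment
        data += payload[expected - seq:]      # overlap: keep only the new tail
        expected = end
    return bytes(data), True


def strip_telnet_options(data):
    """Drop IAC option negotiation (RFC 854) and keep what was typed or displayed."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i]); i += 1
        elif i + 1 >= len(data):
            break                              # truncated command at end of capture
        elif data[i + 1] == IAC:
            out.append(IAC); i += 2            # escaped 0xFF data byte
        elif data[i + 1] in (WILL, WONT, DO, DONT):
            i += 3                             # IAC <cmd> <option>
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2   # subnegotiation runs to IAC SE
        else:
            i += 2                             # other two-byte commands (NOP, GA, ...)
    return bytes(out)


def extract_credentials(client_segments, client_isn, server_segments, server_isn):
    """What a network analyser sees on a Telnet login: prompts from the server,
    answers from the client, none of it encrypted."""
    typed, _ = reassemble(client_segments, client_isn)
    shown, _ = reassemble(server_segments, server_isn)
    typed, shown = strip_telnet_options(typed), strip_telnet_options(shown)
    prompts = sorted((shown.find(p), p) for p in (b"login:", b"Password:") if p in shown)
    answers = [line for line in typed.split(b"\r\n") if line]
    return {p.decode().rstrip(":").lower(): a.decode()
            for (_, p), a in zip(prompts, answers)}


# Constructed capture of a Telnet login (not real traffic): the client's segments
# were captured out of order and one was retransmitted; the server sends
# IAC WILL ECHO before the password prompt so the client stops echoing locally.
CLIENT_ISN, SERVER_ISN = 1001, 5001
CLIENT_SEGMENTS = [
    (1007, b"alice\r\n"),
    (1001, b"\xff\xfd\x18\xff\xfb\x1f"),      # IAC DO TERMINAL-TYPE, IAC WILL NAWS
    (1014, b"s3cret\r\n"),
    (1007, b"alice\r\n"),                      # retransmission of the username line
]
SERVER_SEGMENTS = [
    (5001, b"login: "),
    (5008, b"\xff\xfb\x01Password: "),         # IAC WILL ECHO, then the prompt
]


if __name__ == "__main__":
    print(extract_credentials(CLIENT_SEGMENTS, CLIENT_ISN, SERVER_SEGMENTS, SERVER_ISN))
```

Every byte the login needed is in the capture: the sequence numbers let the analyzer put the segments back in order without help from either end, the negotiation bytes are stripped as noise, and the username and password fall out as plain strings. The same reassembly applied to an SSH session yields only the key exchange and ciphertext.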
