(John Cowley) Communications and Networking An in PDF
John Cowley
Communications
and Networking
An Introduction
John Cowley, BA, Dip TEO, MSc, MEd,
Faculty of Computing, Engineering and Technology
Staffordshire University
College Road
Staffordshire ST4 2DE
UK
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as
permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced,
stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers,
or in the case of reprographic reproduction in accordance with the terms of licences issued by the
Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to
the publishers.
The use of registered names, trademarks, etc. in this publication does not imply, even in the absence of
a specific statement, that such names are exempt from the relevant laws and regulations and therefore
free for general use.
The publisher makes no representation, express or implied, with regard to the accuracy of the infor-
mation contained in this book and cannot accept any legal responsibility or liability for any errors or
omissions that may be made.
1. Introduction ........................................................................ 1
1.1 What Is a Network?........................................................... 1
1.2 Types of Networks ............................................................ 1
1.3 Reasons for Networks ........................................................ 3
1.4 Communication Between Computers...................................... 3
1.5 Summary........................................................................ 4
1.6 Questions ....................................................................... 4
2. Communications Technologies................................................. 5
2.1 Serial and Parallel Communications ..................................... 5
2.2 Asynchronous and Synchronous Communications.................... 6
2.3 Duplex, Half-Duplex and Full-Duplex Communications ............ 8
2.4 Data rate, Bandwidth and Throughput................................... 9
2.5 Modulation and Encoding.................................................. 12
2.6 Error Control Methods...................................................... 14
2.7 Switched Connections ...................................................... 18
2.8 Multiplexing .................................................................. 21
2.9 Topologies Used in Networking .......................................... 23
2.10 Network Transmission Media ............................................. 25
2.11 Summary ...................................................................... 32
2.12 Questions...................................................................... 34
6. Network Protocols................................................................. 79
6.1 Internet Protocol............................................................... 79
6.2 The Transport Layer of TCP/IP............................................. 95
6.3 High-Level Data Link Control.............................................. 100
6.4 Multiprotocol Label Switching ............................................. 101
6.5 Routing Protocols ............................................................. 101
6.6 Summary........................................................................ 103
6.7 Questions ....................................................................... 103
This short chapter starts by considering how we can define what a network is.
Next there is a short discussion of different types of networks. This is followed
by an account of the reasons why networks are used. Communication between
computers is then discussed. Several basic terms used when discussing computer
communication are introduced.
2 Communications and Networking
You may also encounter the term metropolitan area network (MAN). MANs
are a halfway house between LANs and WANs. They can span an entire city and
its suburbs, but their reach is not as great as that of WANs.
Personal area networks (PANs) and home area networks (HANs) are very short
range networks. These are described in Chapter 10.
1.4.2 Packet
As is shown in Fig. 1.3, the data is usually sent in a packet, a unit of information suitable for travelling between one computer and another. In addition to the data itself, the packet will contain addressing information. The source address in a packet identifies the sending computer. The destination address identifies the receiving computer. Besides address information, the packet will also contain other items that are needed to facilitate communication. Details of the structure of various kinds of packets will be given later in this book.
[Fig. 1.3: a packet travelling over the transmission medium from source to destination]
1.4.3 Protocol
When we want to send a packet of data from one computer to another, it is vital
that the source, the destination and any other devices on the network all use the
same protocol. A protocol is a set of rules. These rules make communication via
a network work satisfactorily. Outside the field of computer science, one meaning
of the word ‘protocol’ is a code of conduct. We find the word used this way in the
phrase ‘the protocols of the Geneva convention’. An explanation of how various
protocols work together to facilitate communication can be found in Chapter 3
(Section 3.1).
1.5 Summary
This introductory chapter started by considering the definition of a network. Next,
different types of networks were briefly discussed and then some reasons why
networks are used were given. Finally, computer communication and some of the
basic terms used were introduced.
1.6 Questions
1. What are the differences between WANs and LANs?
2. What benefits do networks offer?
3. Why do data packets need to include addresses along with the data?
4. What is a network protocol?
2 Communications Technologies
In this chapter, we look at some of the technologies that are used for computer
communications. The chapter starts with an explanation of the differences between
serial and parallel data transfer, asynchronous and synchronous communications
and duplex, half-duplex and full-duplex communications. The distinctions be-
tween data rate, bandwidth and throughput are then explained. Modulation and
encoding, error control methods, switching and multiplexing are then discussed.
The topologies used in networking are described. Finally, network transmission
media are explored.
[Figure: parallel transmission: the eight bits of each byte (first byte, second byte, etc.) travel from source to destination together, one bit per wire]
[Figure: serial transmission: the bytes 11110011 (first) and 00100110 (next) travel from source to destination one bit at a time over a single wire; inside the computer the serial link meets the parallel connection to the computer's data bus]
[Fig. 2.4: asynchronous transmission of the ASCII code for 'J' (1001010): idle line, start bit, seven data bits, parity bit (1, giving even parity), stop bit, idle line, shown in the direction of transmission]
[Figure: synchronous transmission: a continuous stream of bits (11100101010101100110101010011011001) from source to destination]
[Figure: simplex transmission: communication possible in one direction only, from source to destination]
Ethernet LAN must take turns to send information to each other. A computer has
to wait for the transmission that it is sending to end before it can receive data. Full-
duplex working removes this restriction. Half-duplex transmission is illustrated in
Fig. 2.7.
Full-duplex transmission is illustrated in Fig. 2.8. Full-duplex working is ideal
for interactive applications because it eliminates the waiting time referred to in
the previous paragraph. Ethernet used with a layer-2 switch is an example of full-
duplex transmission. The switch can automatically sense whether the device at the
other end of the wire, for example, the NIC of a PC, has a full-duplex capability.
If full-duplex transmission can be used, this has the effect of speeding up the
operation of the LAN.
[Fig. 2.7: half-duplex transmission: communication in either direction, but while one side is sending there is no communication in the other direction]
example, disk drives, as well as networks. Data rates are expressed in bits per
second (bps). For example, 2 Mbps is 2,000,000 bps. The units used to express
data rates are shown in Table 2.1. Note that the meaning of the prefixes kilo-, mega-
and so on differs from their meaning when they are used for storage units. When
indicating the capacity of storage units such as hard disk drives, these prefixes
traditionally stand for powers of 1024: 1 kbyte of storage is 1024 bytes, not 1000
(the IEC binary prefixes kibi-, mebi- and so on, abbreviated KiB, MiB, exist to make
this distinction explicit).
[Fig. 2.8: full-duplex transmission: communication in both directions simultaneously between source and destination]
2.4.3 Throughput
In a real network, various factors militate against the theoretical data rate of a
channel being realised. The devices attached to the network (user workstations,
server computers, switches, routers and so on) will all affect throughput to some
extent. The layout of the network, the characteristics of the data being sent and
how many people are using the network will also affect throughput. We can define
throughput as the actual amount of data successfully transferred from one place to
another in a given time. This figure is unlikely to be as high as the notional data
rate (see the last sentence in Section 10.4.3 for an example).
2.4.4 Bandwidth
The term bandwidth is used in two different ways for analogue and digital commu-
nications. Let us first have a brief look at bandwidth as used to describe analogue
signals.
Analogue data transmission is performed by manipulating electromagnetic
waves. These waves vary continuously and they can be sent over various kinds
of media, for example, copper wire. Figure 2.9 shows an analogue signal. The
variation in the waves directly mirrors (is an analogue of) the variations in the
light or sound waves that a transmitter produces. For example, a modem (see
Chapter 5) produces shrieking sounds, which are sent over the analogue sections
of the telephone network as continuously varying electrical waves. The bandwidth
of an analogue signal is the difference between the highest and lowest frequencies
contained in the signal. The frequency is the number of times the wave goes up
and down per second. Frequency and analogue bandwidth are measured in cycles
per second or hertz (Hz).
Digital transmission, on the other hand, is done with a series of electrical (volt-
age) pulses. Figure 2.10 shows a digital signal. With digital signalling, the infor-
mation that is being sent out over the medium is turned into a stream of bits. A
digital signal is not affected by noise (interference) or attenuation (weakening of
the signal) as easily as an analogue signal. In the digital context, the term band-
width is commonly used to mean the same as data rate and is expressed in bits per
second. It can be argued that this is an incorrect use of the term bandwidth, but in
computer networking, it is very frequently encountered with this meaning. So the
phrases ‘a data rate of 100 Mbps’ and ‘100 Mbps of bandwidth’ can be taken to
mean the same thing.
[Fig. 2.11: the bit pattern 1 1 0 1 1 0 1 0 carried by AM, FM and PM]
There are three fundamental ways of altering the carrier signal: amplitude mod-
ulation (AM), frequency modulation (FM) and phase modulation (PM). In AM,
the amplitude of the carrier signal is manipulated, changing the height of the wave.
In FM, the frequency of the carrier signal is manipulated, altering how many waves
there are in a given time. In PM, the phase of the carrier signal is manipulated: The
wave is made to start at a different point in its cycle. These three different modu-
lation methods are illustrated in Fig. 2.11. A combination of AM and PM works
well in modems and combined with other techniques such as echo cancellation
can give remarkably high speeds considering that the analogue phone system is
being used.
[Figure: Manchester encoding, with a transition in the middle of every bit time]
time. One advantage of such a scheme is that the receiver has only to look for
a change in voltage (easier to detect than voltage value). Furthermore, always
having a transition in the middle of a bit time provides a clock signal as well as
data. Manchester encoding is used in 10 Mbps Ethernet (further details of Ethernet
are given in Chapter 4). More complicated encoding schemes than Manchester are
used in higher speed versions of Ethernet.
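The scheme described above, as an added example in Python (this is not code from the book). It assumes the IEEE 802.3 convention used by 10 Mbps Ethernet, in which a 0 is a high-to-low transition in the middle of the bit time and a 1 is a low-to-high transition; the line signal is modelled as a string of half-bit cells, 'H' or 'L', two cells per bit. The bit strings fed to it are constructed for the illustration.

```python
"""Manchester encoding and decoding (added example, IEEE 802.3 convention assumed)."""

def manchester_encode(bits: str) -> str:
    """Each bit becomes two cells; the boundary between them is the guaranteed mid-bit transition."""
    cells = []
    for b in bits:
        if b == "0":
            cells.append("HL")      # 0: high then low
        elif b == "1":
            cells.append("LH")      # 1: low then high
        else:
            raise ValueError("not a bit: %r" % b)
    return "".join(cells)

def manchester_decode(cells: str) -> str:
    """Recover the bits by looking only at the direction of each mid-bit transition.

    The receiver never needs the absolute voltage of a cell, only which way the
    level changed.  A pair with no change (HH or LL) cannot occur inside valid
    data, so it is reported as a code violation: the line is idle, the signal is
    corrupt, or the receiver is sampling half a bit out of step.
    """
    if len(cells) % 2:
        raise ValueError("odd number of half-bit cells")
    bits = []
    for i in range(0, len(cells), 2):
        pair = cells[i:i + 2]
        if pair == "HL":
            bits.append("0")
        elif pair == "LH":
            bits.append("1")
        else:
            raise ValueError("code violation at cell %d: %s" % (i, pair))
    return "".join(bits)

def transitions_per_bit(cells: str) -> float:
    """Level changes per bit: never below 1.0, which is the clock the receiver feeds on."""
    changes = sum(1 for a, b in zip(cells, cells[1:]) if a != b)
    return changes / (len(cells) / 2)

def recover_bits(cells: str) -> str:
    """Toy clock recovery.  If the receiver started sampling half a bit late, the
    pairs it forms straddle two bits and a code violation appears; it then slips
    one cell and tries again.  (A run of identical bits such as 0000 decodes
    without violation at either phase, which is one reason real links send a
    known preamble before the data.)"""
    for offset in (0, 1):
        chunk = cells[offset:]
        if len(chunk) % 2:
            chunk = chunk[:-1]
        try:
            return manchester_decode(chunk)
        except ValueError:
            pass
    raise ValueError("no valid Manchester framing found")

if __name__ == "__main__":
    signal = manchester_encode("1011")
    print(signal, manchester_decode(signal), transitions_per_bit(signal))
```

The decoder's refusal of HH and LL pairs is the property the text refers to: the receiver only has to watch for a change of level, and the change it sees every bit time doubles as the clock.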
the bits get changed to 00100111. But when the receiver checks for parity, it finds
an even number of 1 bits and is satisfied that there have been no errors. For this
reason, simple parity is not used for ARQ in practice.
A more satisfactory alternative to simple parity is the checksum method. Here,
the sending computer adds up all the data bytes of the message to be transmit-
ted. The resulting figure, the checksum, is transmitted along with the data. At the
other end, the receiver performs the same operation on the data and compares the
checksum it has calculated with the one that the sending computer included in
the message. If these two checksums are not the same, the receiving computer
concludes that there has been an error during transmission and asks for a retrans-
mission. The size of checksums is kept within reasonable bounds by, for example,
the sending device throwing away any carries beyond 8 bits. One protocol that uses
checksums is TCP (although the calculation involved is slightly more sophisticated
than that described here). The TCP protocol is explained in Chapter 6.
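Parity and the simple checksum side by side, as an added example in Python (not code from the book). It assumes 7-bit ASCII characters with an even parity bit and the checksum exactly as described above, the data bytes added together with any carries beyond 8 bits thrown away; the messages are constructed for the illustration.

```python
"""Even parity versus an additive 8-bit checksum (added example)."""

def even_parity_bit(code: int) -> int:
    """The bit that makes the number of 1s in code-plus-parity even."""
    return bin(code).count("1") & 1

def parity_ok(code: int, parity: int) -> bool:
    """Receiver's check: an even count of 1s across the data bits and the parity bit."""
    return (bin(code).count("1") + parity) % 2 == 0

def flip_bits(value: int, *positions: int) -> int:
    """Corrupt a character by inverting the given bit positions (0 = least significant)."""
    for p in positions:
        value ^= 1 << p
    return value

def checksum8(data: bytes) -> int:
    """Add all the bytes; discarding carries beyond 8 bits is the same as taking the sum mod 256."""
    return sum(data) & 0xFF

def checksum_ok(data: bytes, received: int) -> bool:
    return checksum8(data) == received

def parity_demo() -> dict:
    j = 0x4A                                   # ASCII 'J' = 1001010, three 1 bits
    p = even_parity_bit(j)                     # 1, so that four 1s are sent
    msg = b"JOHN"                              # constructed message
    s = checksum8(msg)                         # (0x4A + 0x4F + 0x48 + 0x4E) mod 256 = 0x2F
    two_bit_error = bytes([flip_bits(msg[0], 0, 1)]) + msg[1:]
    compensating = b"KNHN"                     # 'J'->'K' adds 1, 'O'->'N' subtracts 1
    return {
        "parity_bit": p,
        "parity_catches_one_bit": not parity_ok(flip_bits(j, 0), p),
        "parity_catches_two_bits": not parity_ok(flip_bits(j, 0, 1), p),
        "checksum": s,
        "checksum_catches_two_bits": not checksum_ok(two_bit_error, s),
        "checksum_catches_compensating": not checksum_ok(compensating, s),
        # anyone who can alter the data can also recompute the checksum
        "forged_message_accepted": checksum_ok(b"JANE", checksum8(b"JANE")),
    }

if __name__ == "__main__":
    for name, value in parity_demo().items():
        print(name, value)
```

Two points a practitioner should take from the output: the checksum catches the two-bit error that parity misses, but it in turn misses two changes that cancel each other, and neither check says anything about who produced the data, since whoever alters it can recompute the check value.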
The cyclic redundancy check (CRC) is a more sophisticated error detection
method than checksums. It lends itself to fast implementation in hardware, since
it needs only a shift register and exclusive-OR (XOR) gates. The transmitting
device divides the outgoing block of data by a fixed bit pattern, the generator
(chosen because it gives good error-detecting properties), and it is the
remainder of this division that is sent out with the data. At the other end, the
receiver performs the same division and compares the result it gets with the CRC
that the sender included. If there is a discrepancy, then the receiver assumes
that there has been a transmission error and asks the sender to retransmit the data.
As can be seen in Fig. 2.13, the division is actually carried out modulo 2 in
binary. In modulo-2 arithmetic, there are no carries and no borrows and there is no
difference between addition and subtraction. When done on paper, the calculation
is a binary ‘long division sum’. However, it is easier to do than a normal long
Divisor = 1101
Data = 101010
Bits transmitted = 101010011

                 110111
       1101 ) 101010000
              1101
               1111
               1101
                 1000
                 1101
                  1010
                  1101
                   1110
                   1101
                    011    Remainder = 011

FIGURE 2.13. CRC calculation
division sum because instead of having to perform subtractions and use borrows,
we can utilise XOR. See, for example, the first stage in the division process in Fig.
2.13, where we take the XOR of 1010 and 1101, giving a result of (0)111. In CRC
division, one number is said to ‘go into’ another merely by virtue of having the
same number of digits. Before starting the division, some zeros need to be added to
the end of the data. We add the number of digits in the divisor (four in this example)
minus one (that is, three zeros). When we finish, the result (the remainder) must
be one digit shorter than the divisor. That is the reason for the leading zero in the
remainder in Fig. 2.13. We then append the remainder (011) onto the end of the
data (101010) and transmit 101010011.
CRCs are very good at detecting burst errors (most data transmission errors
occur in bursts). There are several international standards for CRCs. A prime
example is the 32-bit CRC, which is used for error control in the Ethernet frame
(see Chapter 4).
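The calculation of Fig. 2.13 carried out in code, as an added example in Python (not code from the book). The routine implements modulo-2 division on bit strings for any divisor, so it also serves question 7 in Section 2.12; the error patterns tried in crc_demo() are constructed for the illustration.

```python
"""CRC generation and checking by modulo-2 long division (added example)."""

def mod2_divide(dividend: str, divisor: str) -> str:
    """Remainder of dividend / divisor in modulo-2 arithmetic (XOR, no borrows).

    The result is one bit shorter than the divisor, left-padded with zeros,
    exactly as in the figure."""
    n = len(divisor)
    bits = list(dividend)
    for i in range(len(bits) - n + 1):
        if bits[i] == "1":              # the divisor 'goes into' any window that starts with 1
            for j in range(n):
                bits[i + j] = "0" if bits[i + j] == divisor[j] else "1"
    return "".join(bits[-(n - 1):])

def crc_append(data: str, divisor: str) -> str:
    """Sender: append len(divisor)-1 zeros, divide, then send the data followed by the remainder."""
    return data + mod2_divide(data + "0" * (len(divisor) - 1), divisor)

def crc_check(codeword: str, divisor: str) -> bool:
    """Receiver: divide the whole received block; a zero remainder means no error was detected."""
    return "1" not in mod2_divide(codeword, divisor)

def flip(bits: str, *positions: int) -> str:
    """Invert the given bit positions (0 = leftmost) to simulate transmission errors."""
    out = list(bits)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)

def crc_demo() -> dict:
    divisor, data = "1101", "101010"
    sent = crc_append(data, divisor)        # 101010011, as in Fig. 2.13
    burst = flip(sent, 2, 3, 4)             # three adjacent bits corrupted
    # error pattern 110100000 is the divisor shifted left, i.e. a multiple of it
    multiple = flip(sent, 0, 1, 3)
    forged = crc_append("111111", divisor)  # attacker changes the data and recomputes the CRC
    return {
        "remainder": mod2_divide(data + "000", divisor),
        "sent": sent,
        "clean_accepted": crc_check(sent, divisor),
        "burst_detected": not crc_check(burst, divisor),
        "divisor_multiple_detected": not crc_check(multiple, divisor),
        "forgery_accepted": crc_check(forged, divisor),
    }

if __name__ == "__main__":
    for name, value in crc_demo().items():
        print(name, value)
```

A divisor of r + 1 bits catches every burst of up to r bits, which is why the three-bit burst is caught here, but an error pattern that is itself a multiple of the divisor passes unnoticed, and because the CRC is a public function of the data, anyone who can alter the data can recompute it. A CRC protects against noise, not against deliberate modification; that needs a keyed check. Note also that the standard CRC-32 used by Ethernet reflects the bit order and inverts the register before and after the division, so its values will not match a plain division with a 33-bit divisor.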
[Figure: the sender transmits Message N, waits for ACK N, then sends Message N+1; the time spent waiting is wasted time]
[Figure: the sender transmits Messages N-1, N, N+1, N+2, N+3 without waiting; the receiver returns ACK N-2, ACK N-1, ACK N and then NAK N+1, so the sender goes back and retransmits Messages N+1, N+2 and N+3, which are then acknowledged with ACK N+1, ACK N+2]
[Figure: parity failure]
2.8 Multiplexing
In multiplexing, signals from several sources are sent down one long-distance
channel at the same time. At the destination, these signals are separated again. The
advantage of this is that an expensive WAN link can be used very efficiently. There
are two major varieties of multiplexing: time division multiplexing (TDM) and
frequency division multiplexing (FDM). A third kind of multiplexing, wavelength
division multiplexing (WDM), can be classified as a variant of FDM.
[Fig. 2.20: time division multiplexing: eight low-speed channels c1 to c8 enter a multiplexer (MUX), which sends their data over one high-speed link in round-robin order c1, c2, ..., c8, c1, c2, ...]
through all the eight channels on a round robin basis. What is not shown in Fig.
2.20 is that there is another multiplexer at the destination, which demultiplexes the
multiplexed data into low-speed channels. Simple TDM is a fairly efficient way of
using a high-speed, long-distance communications link. However, it is wasteful if
low-speed channels have nothing to send when it is their turn. A more complicated
technique called statistical multiplexing gets round this by filling the slots on a
first-come-first-served basis, rather than using a round robin system.
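The round-robin multiplexer of Fig. 2.20 and the statistical alternative, as an added example in Python (not code from the book). The traffic on the eight channels is constructed for the illustration; the statistical multiplexer scans the channels once per frame, a simplification of a first-come-first-served queue.

```python
"""Time division multiplexing versus statistical multiplexing (added example)."""

IDLE = None     # a slot transmitted with nothing in it

def tdm_mux(channels, n_frames):
    """Round-robin TDM: frame k carries item k of c1, then c2, ... then c8.
    A channel with nothing to send still gets its slot, which goes out empty."""
    slots = []
    for k in range(n_frames):
        for ch in channels:
            slots.append(ch[k] if k < len(ch) else IDLE)
    return slots

def tdm_demux(slots, n_channels):
    """Receiver: the position of a slot within its frame alone identifies the channel."""
    out = [[] for _ in range(n_channels)]
    for i, s in enumerate(slots):
        if s is not IDLE:
            out[i % n_channels].append(s)
    return out

def stat_mux(channels, n_frames):
    """Statistical multiplexing: a slot is used only by a channel that has data waiting,
    so idle channels cost nothing.  The price is that every slot must now carry the
    channel number, because its position no longer identifies the channel."""
    slots = []
    for k in range(n_frames):
        for idx, ch in enumerate(channels):
            if k < len(ch):
                slots.append((idx, ch[k]))
    return slots

def stat_demux(slots, n_channels):
    """Receiver: read the channel number carried in each slot."""
    out = [[] for _ in range(n_channels)]
    for idx, item in slots:
        out[idx].append(item)
    return out

def link_utilisation(slots):
    """Fraction of transmitted slots that actually carried data."""
    used = sum(1 for s in slots if s is not IDLE)
    return used / len(slots) if slots else 0.0

# Constructed traffic: channels 1 and 2 are busy, the other six send one byte each.
CHANNELS = [list(b"HELLO"), list(b"WORLD"), [1], [2], [3], [4], [5], [6]]

if __name__ == "__main__":
    tdm = tdm_mux(CHANNELS, 5)
    stat = stat_mux(CHANNELS, 5)
    print("TDM slots:", len(tdm), "utilisation:", link_utilisation(tdm))
    print("statistical slots:", len(stat), "utilisation:", link_utilisation(stat))
```

With five frames the TDM link carries 40 slots of which 16 are used; the statistical link carries only the 16 used slots, but each of them now includes a channel label, which is the overhead that pays for the saving.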
[Fig. 2.21: frequency division multiplexing: channels c1 to c4 each occupy their own frequency band on the link at the same time]
[Fig. 2.22: wavelength division multiplexing: four colours of light (blue, red, green, yellow) are combined by a MUX onto one fibre and separated again by a DEMUX at the far end]
of optical fibre, see Section 2.10.2.) The sender multiplexes the source channels
before they are sent over the long-haul link; the receiver demultiplexes these.
WDM is illustrated in Fig. 2.22. For the sake of simplicity, only four colours are
shown in the diagram, though many more are possible. Dense wavelength division
multiplexing (DWDM) allows even greater bit-rates than does simple WDM.
2.9.1 Bus
Outside the computing context, the term bus can be used to denote an electrical
conductor that is used to connect several circuits together. Inside a computer, a
bus is a common path for moving information about, for example, a data bus. In a
computer network, a bus is a single piece of cable to which all the computers are
attached. At the two ends of this cable, there are resistors that absorb unwanted
signals so that they are not reflected back along the bus. If the bus fails, communica-
tion ceases. A physical bus was used in old types of Ethernet LAN (further details
of Ethernet are given in Chapter 4). The bus topology is illustrated in Fig. 2.23.
2.9.2 Ring
As the name suggests, in the ring topology the computers are laid out in a ring.
An endless cable (ring) connects the computers together. If the ring fails, there can
2.9.3 Star
As shown in Fig. 2.25, the star topology looks rather like a wheel without a rim.
The devices at the ends of the spokes of the wheel can communicate with each
other only via a central hub. Originally, this central hub was a computer and the
other devices were usually dumb terminals (devices with a keyboard and screen
but no processing power). In modern star networks, the devices at the outer ends
of the spokes are computers but the hub is a device that will not necessarily have
any intelligence. Irrespective of how much intelligence it possesses, if the hub fails
this has a catastrophic effect on the functioning of the network. Despite this, the
star topology is a very popular one for LANs.
2.9.5 Mesh
In the mesh topology (Fig. 2.27), every computer is directly connected to every
other one. If one link between any two computers stops working, an alternative
route will be available. A topology such as this is expensive, but it may be necessary
for applications where it is vital that computers do not lose contact with each other.
An example of such an application is controlling a nuclear power station.
The pathway is often a cable of some kind, but not always. There are three classes
of media: copper cable, fibre optic cable and wireless media.
Coaxial Cable
This cable consists of two copper conductors, one inside the other, separated by
plastic insulation. The inner conductor is a thick copper wire. The outer conductor
is a cylindrical mesh of thin copper wire. This layer also acts as a shield for
the inner conductor, helping to cut down on electromagnetic interference from
outside the cable. A plastic sleeve protects the cable. A coaxial cable is illustrated
in Fig. 2.28. As can be seen from the illustration, the kind of coaxial cable that
is used for computer network installations is very similar to a television aerial
cable.
A coaxial cable has some useful features. Fewer repeaters are needed to boost
the signal than with twisted pair cable. It is less expensive than fibre optic cable.
It was used for cabling Ethernet LANs. However, for some years it has not been
used for new Ethernet installations as it is expensive to put in compared to twisted
pair cable. It is also tricky to connect the outer conductor properly. A coaxial cable
is commonly used for carrying cable television signals (and computer data as well
if a cable modem is in use) into the home.
[Fig. 2.28: coaxial cable, end view and side view: inner conductor, insulation, outer conductor, plastic sleeve]
[Figure: shielded/screened twisted pair cable: plastic sleeve, screen]
metallic foil and then the whole bundle of wires is shielded. In ScTP the individual
pairs of wires are not shielded. An ScTP cable is illustrated in Fig. 2.30. The
shielding/screening makes ScTP and STP cable much more difficult to install than
UTP but interference is greatly reduced.
[Figure: straight-through cables connect each computer to the hub/switch; a crossover cable connects two devices directly]
[Figure: optical fibre: jacket, buffer, cladding; single mode and multimode fibre]
Microwave Radio
Microwave radio is the commonest form of transmission without wires. Two
places where it is used are IEEE 802.11 wireless LANs and mobile telephone networks (see
Chapter 10). The information is carried through the air by ultra-high, super-high
or extremely high-frequency radio waves. Microwave signals (unlike ordinary ra-
dio signals) can be aimed to travel in a particular direction and so the signals can be
targeted precisely at those who need to receive them. Microwave transmission of-
fers high bandwidth. A line of sight is preferable between transmitter and receiver
because buildings have an adverse effect on the signal. For this reason, high towers
are commonly used to relay microwave transmissions (see Fig. 2.35). Rain can
interfere with microwave signals. Various ways in which microwave transmission
can be used are explored in Chapter 10.
Satellites
Microwave signals can be sent over very long distances using satellites. Although
the cost of launching a satellite is high, it can carry a vast amount of traffic. It carries
Infrared
Infrared signals can be used for networking over short distances. Whilst a line
of sight is merely preferable for microwave communications, for infrared this is
absolutely essential because the signal cannot pass through solid objects well.
This is both an advantage (lack of interference with other systems, and some
protection against eavesdropping, since the signal does not leave the room, though
anyone inside the room can still receive it) and a disadvantage (shortness of range). With no need for
aerials on the devices, an infrared system can be very successful at linking together
small, portable devices within a room. Unlike microwave, no spectrum licensing is
needed. However, infrared networks are much less popular than microwave-based
networks.
2.11 Summary
This chapter has looked at some of the technologies that are used for computer com-
munications. The chapter started with an explanation of the differences between
serial and parallel data transfer, asynchronous and synchronous communications
2.12 Questions
1. The lowercase letter ‘w’ is being transmitted using asynchronous transmission.
The 7-bit ASCII code for ‘w’ is 1110111 (77 hexadecimal). Even parity is being
used and there is one stop bit. Draw a timing diagram illustrating this. Base
your diagram on Fig. 2.4.
2. Describe hub-based Ethernet LANs in terms of the following dichotomies:
serial/parallel transmission, synchronous/asynchronous transmission, full-
duplex/half-duplex transmission. In addition to reading this chapter, you may
have to do a bit of further research to answer this question.
3. How long, in theory, will it take to transfer a 1-Mbyte file over a network
running at 1 Gbps?
4. Explain the difference between analogue and digital transmission.
5. Investigate the 8B/10B encoding scheme that is used in gigabit Ethernet. In
addition to reading this chapter, you may have to do a bit of further research
to answer this question.
6. (a) If even parity checking is in use, what are the parity bits assigned to the
ASCII characters capital ‘B’, ‘F’, ‘J’, ‘P’ and ‘W’?
(NB: The ASCII code for capital ‘A’ is 41 hexadecimal, i.e., 1000001
binary. The other codes can be worked out by counting on from 41 in
hexadecimal and then converting to binary.)
(b) What are the parity bits if odd parity is used?
7. A message is transmitted using cyclic redundancy coding to check for errors.
The message is 101011. The divisor that is used for the CRC is 1101. Give the
total bit pattern that is sent (see Fig. 2.13 for an example).
8. Two-dimensional even parity is being used. Fill in the column and row check
bits for the block of data in Table 2.2.
9. Explain the differences between TDM and FDM.
10. Distinguish between physical and logical topology.
11. Distinguish between UTP, single mode and multimode optical fibre.
12. What kind of cable would be best for the following applications?
(a) horizontal wiring in an office
(b) vertical wiring in a building
(c) a connection under the Atlantic ocean
13. Describe the physical form of a coaxial cable.
14. In what circumstances would a crossover cable be needed?
15. What are the advantages and disadvantages of infrared transmission?
3 Networking Models and Standards
In this chapter we look at layered models, which are standard ways of organising
networks. The chapter starts with an explanation of network layering and
its advantages. One of the most important networking models, the Open Systems
Interconnection (OSI) 7-layer model, is then explained. This is followed by an
explanation of the principles of data encapsulation. Another important networking
model, TCP/IP, is then explained and compared with the 7-layer model. Finally,
several important networking standards bodies are described.
[Figure: the OSI 7-layer model on two communicating systems: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical]
character codes such as ASCII and EBCDIC and between different ways of repre-
senting integers such as big-endian and little-endian. The presentation of graphical
images, sound and moving images is also dealt with in the Presentation Layer. For
example, the portable network graphics (PNG) binary file format, used for dis-
playing images on the Internet, is part of the Presentation Layer.
The Presentation Layer also looks after data compression. Compression is car-
ried out using algorithms that make files smaller than they originally were. Any
repeating bit patterns are replaced by shorter bit patterns (tokens). If the files are
made smaller in this way, they can be transmitted in a shorter time.
Encryption is another function placed in the Presentation Layer. Using a key, the
outgoing data is scrambled to make it unintelligible to anyone who intercepts it.
At the other end, the same key (symmetric encryption) or a mathematically related
key (public-key encryption) is used to decrypt the data and turn it back into its original form.
3.3 Encapsulation
Data is sent over a network from a source to a destination. The data cannot be
sent until it has been encapsulated, that is, packaged up into a suitable form to
be transmitted over the network. During the encapsulation process, the data has
protocol information added to it as it is passed down through the OSI layers. This
protocol information consists of headers (address information), trailers (for error
control) and other items.
The data encapsulation process is illustrated in Fig. 3.3. Having been sent from
the source, the data travels through the Application Layer and on down through the
other layers. As the various layers carry out their services, the packaging of the data
changes. A number of steps must be performed in order to encapsulate the data.
1. First of all, the data has to be built. If, for example, an e-mail is being sent, the
alphanumeric characters of which it is composed will have to be converted into
a form that can travel across the network. If compression and/or encryption are
necessary, these functions will be performed.
2. Next, the data will have to be packaged up for transport from one end to the
other. The data is divided up into segments, and each segment is given a transport
header (port numbers and, for TCP, sequence numbers) so that the sending and
receiving hosts can deliver it to the right application and communicate reliably.
3. The data must now be put into a packet or datagram. The datagram will include
a header containing the addresses of the source and destination. Devices in the
network will use these addresses to route the packet.
[Fig. 3.3: encapsulation: the Network Layer adds a header to the data to form the datagram (packet) that travels from source to destination]
4. The packet must be put into a frame so that the data can be sent to the network
device at the other end of the link. Every network device in the chain of links
leading from source to destination needs framing so that it can connect to the
next device.
5. Finally, the frame needs to be converted into a bit pattern (1s and 0s) so that it
can actually be transmitted over the medium. The medium does not need to be
the same along the complete path from source to destination. For example, an
e-mail might start out from a portable machine connected wirelessly to a LAN,
then pass onto a network wired with copper cable, then onto a WAN link wired
with fibre-optic cable, then onto a satellite (microwave radio) link and so on.
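The five steps above carried out in code, as an added example in Python using only the standard library (this is not code from the book). UDP stands in for the transport header because it is the simplest one; the MAC addresses, IP addresses, ports and message are constructed for the example and belong to no real host.

```python
"""Encapsulation of a message down the TCP/IP stack, and decapsulation (added example)."""
import struct
import zlib

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), as used in the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))

def mac_bytes(colon_hex: str) -> bytes:
    return bytes.fromhex(colon_hex.replace(":", ""))

def udp_segment(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Step 2 (Transport): ports identify the sending and receiving applications.
    A zero UDP checksum means 'none', which IPv4 permits."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def ipv4_packet(src_ip: str, dst_ip: str, segment: bytes, ttl: int = 64) -> bytes:
    """Step 3 (Internet): the header carries the addresses routers use; protocol 17 = UDP."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, ttl, 17, 0,
                         ip_bytes(src_ip), ip_bytes(dst_ip))
    checksum = internet_checksum(header)            # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", checksum) + header[12:] + segment

def ethernet_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Step 4 (Network Access): MAC addresses for this one link, EtherType 0x0800 for IPv4,
    padding to the 46-byte minimum payload, and the 32-bit CRC (FCS) as a trailer."""
    packet = packet.ljust(46, b"\x00")
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet
    return body + struct.pack("<I", zlib.crc32(body))

def to_bits(frame: bytes) -> str:
    """Step 5 (Physical): the frame as the 1s and 0s that go onto the medium."""
    return "".join(format(b, "08b") for b in frame)

def decapsulate(frame: bytes) -> dict:
    """Receiver: verify the CRC, then peel the headers off in reverse order."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch: frame discarded")
    if struct.unpack("!H", body[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:ihl]) != 0:        # a valid header sums to zero
        raise ValueError("IPv4 header checksum failed")
    total_length = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_length]              # drops the Ethernet padding
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "src_port": src_port, "dst_port": dst_port,
        "payload": segment[8:udp_len],
    }

def build_example_frame() -> bytes:
    """Constructed example: 'hello' from 192.0.2.10:40000 to 192.0.2.20:5000."""
    segment = udp_segment(40000, 5000, b"hello")
    packet = ipv4_packet("192.0.2.10", "192.0.2.20", segment)
    return ethernet_frame("02:00:00:00:00:0a", "02:00:00:00:00:14", packet)

def frame_accepted(frame: bytes) -> bool:
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False

def corrupt(frame: bytes, index: int) -> bytes:
    """Flip one bit of the frame to simulate a transmission error."""
    out = bytearray(frame)
    out[index] ^= 0x01
    return bytes(out)

if __name__ == "__main__":
    f = build_example_frame()
    print(len(f), "bytes,", len(to_bits(f)), "bits")
    print(decapsulate(f))
```

The only checks the receiver makes on the way back up are the CRC and the header checksum, both of which detect accidental damage. Nothing in these headers proves who sent the frame: every address and port field is set by whoever builds it, which is why a packet's source address is never evidence on its own.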
[Fig. 3.4: the TCP/IP model on two hosts: Application, Transport, Internet and Network Access layers]
the model was devised later. The instigator of TCP/IP was the US Department
of Defense (DOD). The aim of TCP/IP was a robust communication system that
would still function even if it were partially destroyed in a war.
The model has four layers: Application, Transport, Internet and Network Access.
Beware! Although the TCP/IP Application Layer has the same name as the OSI
Application Layer, the functions that it performs are not quite the same. The layers
of the TCP/IP model are shown in Fig. 3.4.
Figure 3.5 shows how the protocols fit together into the TCP/IP suite. Many
more TCP/IP protocols exist than are shown in the diagram, but those shown are
some of the commonest. HyperText Transfer Protocol (HTTP), File Transfer
Protocol (FTP), Simple Mail Transfer Protocol (SMTP) and Domain Name Sys-
tem (DNS) are all explained in Chapter 7. Simple Network Management Protocol
(SNMP) is explained in Chapter 9. At the Transport Layer, the two main protocols
are TCP and User Datagram Protocol (UDP). These are explained in Chapter 6.
IP, also explained in Chapter 6, is the core protocol at the Internet Layer and allows
[Fig. 3.5: the TCP/IP protocol suite: application protocols above TCP and UDP, which sit above IP, which runs over the LAN/WAN/Internet access technology]
[Figure: OSI layers beside TCP/IP layers: Application, Presentation and Session correspond to the TCP/IP Application Layer; Transport to Transport; Network to Internet; Data Link and Physical to Network Access]
3.7 Summary
This chapter has looked at networking models and standards. The chapter started
with an explanation of network layering. The OSI 7-layer model, an important
way of describing networks, was examined. The principles of data encapsulation
were then explained. Another important networking model, TCP/IP, was then de-
scribed. The OSI and TCP/IP models were then briefly compared. The importance
of networking standards was highlighted. Finally, several important networking
standards bodies were mentioned.
3.8 Questions
1. What are the advantages of organising network architectures in layers?
2. Which of the following does a Physical Layer protocol deal with?
• control signalling
• plugs and sockets
• checking for errors
3. Match the layer of the ISO/OSI 7-layer model to the facts about it:
Layer
(a) Physical Layer
(b) Data Link Layer
(c) Network Layer
(d) Transport Layer
(e) Session Layer
(f) Presentation Layer
(g) Application Layer
Facts
(i) Uses the raw transmission facility provided by the Physical Layer and
makes the communication channel appear free of errors.
(ii) The environment in which users’ programs operate and communicate.
In this chapter we look at various aspects of LANs. The chapter starts with an
account of some of the factors that need to be considered when planning a LAN.
Decisions about whether to choose a peer-to-peer or client-server LAN and whether
to select a wired or wireless network are considered. Various components and
devices for both wired LANs and wireless LANs (WLANs) are described. Several
wired LAN technologies are briefly described, but the chapter concentrates on
Ethernet, which is the commonest technology by far.
Peer-to-Peer LANs
In a peer-to-peer network, the computers are equals (peers). None of the computers
has control over the LAN, and the computers act as client or server computers as
necessary. In a peer-to-peer LAN, a given computer can be acting as client or server
at different times. Peer-to-peer LANs usually exist principally to share files and
are normally based around a hub or switch. A peer-to-peer LAN is illustrated in
Fig. 4.1.
Peer-to-peer LANs are easy to install and require little maintenance. There is
no need for a network administrator. Users are in control of their own resources
and they can choose whether to share their files with other users. This can cause
Client-Server LANs
Client-server technology is described in Section 7.1. In a client-server network, not
all the computers are equal. There is a special server computer, which is dedicated
to the server role. It responds to requests from all the other computers (the client
computers). Typically, it provides file and print services and perhaps some other
applications. The client computers are usually ordinary desktop computers and
the server computer is rather more powerful. The server computer may have extra
memory and a more powerful processor or multiple processors. It will always have
special software. Its operating system (OS), known as a network operating system
(NOS), is likely to be either a different version from that running on the client
computers or else a completely different OS. The NOS controls the interaction
of the client computers with the server computer and with each other. The most
popular NOS for PC LANs is Microsoft® Windows®. Novell NetWare® is an
alternative choice. There may be more than one server computer in the network.
A client-server LAN is illustrated in Fig. 4.2.
User accounts and security are centralised on the server computer, which makes
administering a large network much easier than if it were organised on a peer-to-
peer basis. It is also easier to back up the files because they are all kept in one
place.
There are a few disadvantages to client-server LANs. The server computer is a
single point of failure: the network cannot function without it. The network needs
a trained, dedicated administrator, which increases the cost. The special software
needed also makes the client-server LAN more expensive than a peer-to-peer LAN.
[Figure: a LAN with a server and desktop PCs on a wired network connected through a hub/switch, plus an access point serving a wireless network of notebook PCs and a desktop PC fitted with wireless PC-Card adaptors.]
over data so as to reduce the latency (delay) and jitter (variation in delay) to which
IP networks are prone and that voice cannot tolerate. IEEE 802.1Q is a standard that
supports virtual LANs (VLANs). (IEEE 802.1Q and VLANs are discussed later in
this section.) NICs can often compute and verify TCP/IP checksums too, relieving the host processor of that work. If a NIC supports
wake on LAN, its host PC can be switched on by sending it a special packet over
the network.
Unless the LAN is very small, the network equipment apart from the worksta-
tions themselves is safely locked away inside one or more wiring closets. A wiring
closet is simply a walk-in cupboard that contains racks of network hardware. The
cable from each PC normally feeds into a patch panel. A patch panel is illustrated
in Fig. 4.5. The patch panel acts like a small switchboard and is a convenient
means of connecting various pieces of networking equipment together. Fixed into
the patch panel from the back are many individual jacks (or sockets). The plugs on
the end of the data cables plug into the jacks. If Category 5e UTP cable is in use,
Registered Jack-45 (RJ-45) plugs and jacks are used. Other kinds of cable may
need different plugs and jacks.
Other Internetworking components which may be needed are hubs, switches and
routers. To connect together more than two computers, either a hub or a switch
is necessary. (A crossover cable, described in Section 2.10.1, can be used if we
are just connecting one computer to one other.) A hub is an OSI layer 1 device
which merely repeats (boosts) any signal sent from one of the computers on the
network to which it is attached to all the other computers. An alternative name for
a hub is a multi-port repeater (a repeater with several ports). A hub is a very simple
device, which does not understand network addresses of any kind. A typical hub
is illustrated in Fig. 4.6.
Instead of a hub, it is more common to use a layer-2 switch. The switch is a
computer in its own right, which understands layer-2 addresses such as Ethernet
addresses. A switch can be used like its forerunner, the bridge, to connect LAN
segments. A bridge is shown in Fig. 4.7 and an Ethernet switch in Fig. 4.8.
The switch builds up tables of media access control (MAC) addresses (Ethernet
addresses in the case of an Ethernet network), and can thus work out on which
segment a frame should be transmitted. (Please see Sections 4.2.1 and 4.2.2 for a
discussion of MAC addresses.) Bridges have only two or three ports but a switch
has many. The high number of ports that a switch has means that it can be used
in place of a hub. If a switch is used in an Ethernet network instead of a hub, it
will effectively increase the available bandwidth in the network. This is because,
unlike a hub, a switch permits several PCs on an Ethernet network to communicate
at the same time and in full duplex mode. In this case, there are no collisions and
Ethernet’s CSMA/CD access protocol (see Section 4.2.2) is not used.
Layer-2 switches are intelligent enough to provide VLANs.
A VLAN is a LAN that does not exist physically. It consists of a logical group of
devices or users, selected from the devices or users on an actual, physical LAN.
For example, users in a company’s Accounts department can be grouped together
into their own VLAN, while people in the Human Resources (HR) department
might belong to another VLAN. The various members of these two departments
might be dispersed over several floors of a building, as is the case in Fig. 4.9. The
devices within a VLAN can communicate only with each other. Communication
[FIGURE 4.10. Ethernet frame carrying an 802.1Q tag: Preamble | Destination address | Source address | Tag | Length/Type | Data | Frame check sequence.]
between VLANs needs a router. (Brief details of routers are given later on in this
section and fuller details in Chapter 5).
When the 802.1Q VLAN standard is in use, a 4-byte tag is carried in the Ethernet
frame; 12 bits of the tag hold the VLAN identifier (VID) that defines which VLAN
the frame belongs to. The Ethernet switch inserts the tag into the Ethernet frame and
recalculates the frame check sequence (CRC). The position of the tag is shown in
Fig. 4.10. Please refer to Section 4.2.2 for an explanation of the other fields in the
Ethernet frame.
VLANs are configured with software and when establishing them there is no
need to move equipment about or reconnect cables. VLANs make it easy to add
new stations or change the LAN in any way. VLANs also contribute to the security
of the network. The traffic on the Accounts VLAN in Fig. 4.9 stays within that
VLAN, so stations on other VLANs cannot pry into the accounting files. Frames are
switched only between switch ports that have been defined to belong to the same
VLAN. This separation is enforced by the switch configuration alone: anything that
is allowed to route between the VLANs (see the routers below) can reach the
Accounts traffic, so access control must be applied at that point as well.
VLANs also help networks to work more efficiently because those objects on the
network (users and devices) that communicate with each other most often can be
grouped together.
One disadvantage of network devices such as switches is that they add latency
to the network. Latency is the delay between the time when a frame leaves the
sending device and the time when the front of the frame reaches the receiving
device. Layer-2 switches can operate in three different modes: Cut Through, Store
and Forward, and Fragment Free. In Cut-Through operation, the switch starts to
transfer a frame that it has received as soon as it has read the destination MAC
address (the first six bytes after the preamble) and looked up the port for it. The
advantage of switching in this manner is that the latency is very low. On the other
hand, since the CRC is not checked, faulty frames as well as error-free ones are
switched.
In contrast, in Store-and-Forward mode, the whole frame is read into the switch,
stored briefly and then forwarded to the destination. This process takes longer than
Cut-Through switching but has the advantage that invalid frames are thrown away
by the switch rather than being passed on. Another advantage is that the frame can
be sent out at a different data rate from that at which it was received.
Fragment-Free mode is a compromise between Cut Through and Store and
Forward. Here, the first 64 bytes of the frame are read before forwarding begins.
Since 64 bytes is the minimum legal length of an Ethernet frame, a fragment left
over from a collision will have ended before that point, so such runts are discarded;
errors later in the frame still go undetected. The Fragment-Free mode of operation
is not as fast as Cut-Through switching, but it does give a greater chance that the
frame being switched is worth sending on.
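The switch behaviour described above, as an added example that is not part of the book: a Python simulation of a port-based VLAN learning switch that can run in Store-and-Forward or Cut-Through mode. The port numbering, VLAN numbers, MAC addresses and frames are constructed for the illustration; the frame layout used is destination, source, Type, data and FCS, with the FCS computed as the CRC-32 that Ethernet uses.

```python
import struct
import zlib

MIN_DATA = 46   # the data field is padded to this many bytes so the frame is legal

def build_frame(dst, src, payload, ethertype=0x0800):
    """Constructed untagged Ethernet II frame: dst | src | Type | data+pad | FCS.
    The FCS is the CRC-32 of everything before it, sent least-significant byte first."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(MIN_DATA, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))

def fcs_ok(frame):
    """Recompute the CRC over the frame body and compare it with the stored FCS."""
    return zlib.crc32(frame[:-4]) == struct.unpack("<I", frame[-4:])[0]

class Layer2Switch:
    """Learning switch with port-based VLANs; mode is 'store-and-forward' or 'cut-through'."""

    def __init__(self, port_vlan, mode="store-and-forward"):
        self.port_vlan = port_vlan    # port number -> VLAN id of that access port
        self.mode = mode
        self.mac_table = {}           # (vlan, MAC) -> port, learned from source addresses

    def receive(self, in_port, frame):
        """Return the list of ports the frame is sent out of (empty if discarded)."""
        vlan = self.port_vlan[in_port]
        dst, src = frame[0:6], frame[6:12]
        # Store-and-forward buffers the whole frame and checks the CRC first;
        # cut-through has already started forwarding after reading the destination.
        if self.mode == "store-and-forward" and not fcs_ok(frame):
            return []
        self.mac_table[(vlan, src)] = in_port            # learn which port src lives on
        out = self.mac_table.get((vlan, dst))
        if out == in_port:
            return []                                    # destination is on the incoming port
        if out is not None:
            return [out]                                 # known destination: unicast
        # Unknown destination or broadcast: flood, but only to ports in the same VLAN.
        return [p for p, v in self.port_vlan.items() if v == vlan and p != in_port]

# Constructed topology: ports 1-2 in the Accounts VLAN, ports 3-4 in the HR VLAN.
ACCOUNTS, HR = 10, 20
PORTS = {1: ACCOUNTS, 2: ACCOUNTS, 3: HR, 4: HR}
A1 = bytes.fromhex("000244376001")   # hypothetical station on port 1
A2 = bytes.fromhex("000244376002")   # hypothetical station on port 2
H1 = bytes.fromhex("000244376003")   # hypothetical station on port 3
BCAST = b"\xff" * 6

def demo(mode="store-and-forward"):
    """Drive the switch through four frames and return where each one went."""
    sw = Layer2Switch(PORTS, mode)
    out = {}
    out["flood"] = sw.receive(1, build_frame(A2, A1, b"hello"))       # A2 not learned yet
    out["learned"] = sw.receive(2, build_frame(A1, A2, b"reply"))     # A1 was learned on port 1
    out["hr_bcast"] = sw.receive(3, build_frame(BCAST, H1, b"who?"))  # stays inside the HR VLAN
    bad = bytearray(build_frame(A1, A2, b"corrupt"))
    bad[-1] ^= 0xFF                                                   # damage the FCS
    out["corrupt"] = sw.receive(2, bytes(bad))
    return out

if __name__ == "__main__":
    for mode in ("store-and-forward", "cut-through"):
        print(mode, demo(mode))
```

Running the file shows, for each mode, that the first frame is flooded only to the other Accounts port, the reply goes straight to the learned port, the HR broadcast never reaches an Accounts port, and the frame with a damaged FCS is dropped by Store-and-Forward but passed on by Cut-Through.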
If we need to connect two or more networks or VLANs together, a router is
necessary. Routers, as the name would suggest, can do routing. In other words,
they can understand the addresses used by layer-3 protocols such as IP and make
decisions about where an incoming network packet should be sent next. The kind of
54 Communications and Networking
offers a common interface between the Network Layer (OSI layer 3) and the MAC
sub-layer. It also offers reliability and flow control. LLC is a subset of High-level
Data Link Control (HDLC), a wide-area Data Link Layer protocol, which is de-
scribed in Section 6.3. When a computer wants to transmit, it is the MAC sub-layer
that is responsible for putting the physical address of the destination computer
into the data frame. The physical address is the address of the destination com-
puter’s NIC. Figure 4.13 shows the LLC and some of the more important MAC
protocols.
4.2.2 Ethernet
Ethernet is far and away the most important standard for LANs. It has a fairly
long history, during which it has evolved considerably. Its success is due to several
factors. It is fairly simple, very reliable and above all cheap compared with rival
technologies.
DIX was the first Ethernet standard. It got its name from the three companies
that published it: Digital Equipment Corporation, Intel and Xerox. A few years
later, the IEEE brought out the 802.3 standard. This is slightly different from the
DIX Ethernet standard. It covers both OSI layer 1 and the lower part of layer 2,
which can be seen in Fig. 4.13. At this stage in its history, Ethernet ran at 10 Mbps.
Gradually, the maximum data rate of Ethernet has got faster and faster, moving
from 10 Mbps to 100 Mbps to 1 Gbps (1000 million bps), then to 10 Gbps, 40 Gbps
and so on. At all of these data rates, the format of the Ethernet frame is almost
identical, while the Physical Layer can vary considerably.
The IEEE uses the following naming scheme for its family of Ethernet standards.
First of all, there is a number that indicates the data rate in megabits per second.
This number is followed by the word ‘BASE’, to indicate the use of baseband
transmission (that is, using just one unmultiplexed channel). After this, there are
Local Area Networks 57
one or two letters that show what type of medium is being used. For example,
100BASE-T means that the data rate is 100 Mbps and that baseband transmission
and twisted-pair copper cabling are being used.
[Figure: the two frame formats, field sizes in bytes. Ethernet II: Preamble (8) | Destination address (6) | Source address (6) | Type (2) | Data + Pad (46-1500) | Frame Check Sequence (4). IEEE 802.3: Preamble (7) | Start Frame Delimiter (1) | Destination address (6) | Source address (6) | Length/Type (2) | LLC Header + Data + Pad (46-1500) | Frame Check Sequence (4).]
the Start Frame Delimiter, which indicates the end of the timing bits. The timing
information was necessary for the operation of 10-Mbps Ethernet. Though it has
not been needed for any higher-speed versions, it has been kept for reasons of
compatibility.
In both types of frame, the next two fields are for the destination (receiving
station) and source (sending station) addresses. Both these addresses are 48 bits
long and are usually shown as 12 hexadecimal digits. Every Ethernet card in the
world is given a unique MAC address at manufacture. The first six hex digits, the
Organizationally Unique Identifier (OUI), indicate the manufacturer of the card; the
second six are a serial number unique within that manufacturer. For example, a
certain Ethernet NIC has the following MAC address: 00-02-44-37-60-FA. The
00-02-44 part of the number identifies the manufacturer; 37-60-FA is the unique
identifier. (Most operating systems allow the address a card sends to be overridden
in software, so a MAC address should not be relied on as proof of a station's identity.)
The purpose of the next (two-byte) field differs in the two types of frame. In
Ethernet II, the receiving station has to find out which higher-layer protocol is
being carried in an incoming frame. It needs to know this in order to know to
which upper-layer protocol it must give the data. It finds this out by looking inside
the Type field. In IEEE 802.3, this field can be used as a Type field, but alternatively
can be used to carry the length of the data in bytes. There is no need to use this
field to identify the protocol if the LLC field (missing from Ethernet II) is being
used to do this. The two uses are told apart by the value: if the number is 1536
decimal (600 hexadecimal) or greater, it is a Type; if it is 1500 decimal (5DC
hexadecimal) or less, it is a length.
The whole point of sending an Ethernet frame is to carry some data. The Data
field is the place where the data is put. The greatest size of a frame that is allowed
in low-speed versions of Ethernet is 1518 bytes (excluding the preamble); the Data
field must be at least 46 bytes, giving a minimum frame of 64 bytes. If the data
would otherwise be below the minimum size, it is padded out with extra bytes to
make the frame legal. The IEEE 802.3 frame also carries the LLC information
within the Data field. Many Gigabit Ethernet implementations permit frames larger
than 1518 bytes. Up to about 9 kbytes can be carried in one frame, a so-called jumbo
frame, although jumbo frames are a vendor extension rather than part of the IEEE
standard, and every device on the path must be configured to accept them.
Finally, in the Frame Check Sequence (FCS) field, there is a 32-bit CRC
code to check for errors. This checks the integrity of the whole frame except the
Preamble/Start Frame Delimiter and of course the CRC field itself. (CRCs were
explained in Section 2.6.1.) Any frame with an invalid CRC is simply thrown away
without being processed any further because it is useless. Note that the CRC detects
accidental corruption only: anyone who deliberately alters a frame can simply
recompute the CRC, so it offers no protection against tampering.
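To make the frame layout, the Type/Length rule, the OUI split, padding and the FCS concrete, here is an added Python example (not from the book) that assembles and parses frames in both formats and also performs the 802.1Q tag insertion described earlier in this chapter. The MAC address 00-02-44-37-60-FA is the one quoted above; the second address and the payloads are constructed. The preamble and Start Frame Delimiter are omitted because they are generated by the hardware and are not covered by the CRC.

```python
import struct
import zlib

TYPE_LENGTH_THRESHOLD = 0x600   # 1536: at or above this the field is a Type, 1500 or below a Length
TPID_8021Q = 0x8100             # Tag Protocol Identifier that marks an 802.1Q tag
MIN_DATA, MAX_DATA = 46, 1500

def mac_str(b):
    return "-".join("%02X" % x for x in b)

def build_frame(dst, src, type_or_len, data, vlan_id=None, priority=0):
    """dst | src | [802.1Q tag] | Type/Length | data+pad | FCS (preamble/SFD omitted).
    Pass a Type (e.g. 0x0800) for Ethernet II or the data length for IEEE 802.3."""
    if len(data) > MAX_DATA:
        raise ValueError("data longer than %d bytes needs a jumbo-capable link" % MAX_DATA)
    header = dst + src
    if vlan_id is not None:
        tci = (priority << 13) | (vlan_id & 0x0FFF)    # 3-bit priority, 1-bit DEI (0), 12-bit VID
        header += struct.pack("!HH", TPID_8021Q, tci)
    body = header + struct.pack("!H", type_or_len) + data.ljust(MIN_DATA, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))   # FCS goes out least-significant byte first

def add_vlan_tag(frame, vlan_id, priority=0):
    """What an 802.1Q switch does: insert the 4-byte tag after the source address
    and recompute the FCS over the new frame."""
    body = frame[:-4]
    tci = (priority << 13) | (vlan_id & 0x0FFF)
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + struct.pack("<I", zlib.crc32(tagged))

def parse_frame(frame):
    """Return the frame's fields as a dict; raise ValueError if the FCS does not match."""
    body, fcs = frame[:-4], frame[-4:]
    if zlib.crc32(body) != struct.unpack("<I", fcs)[0]:
        raise ValueError("FCS mismatch: frame discarded")
    dst, src, offset, vlan = body[0:6], body[6:12], 12, None
    tl = struct.unpack("!H", body[offset:offset + 2])[0]
    if tl == TPID_8021Q:                                  # tagged frame: read the TCI
        tci = struct.unpack("!H", body[offset + 2:offset + 4])[0]
        vlan = {"priority": tci >> 13, "id": tci & 0x0FFF}
        offset += 4
        tl = struct.unpack("!H", body[offset:offset + 2])[0]
    offset += 2
    if tl >= TYPE_LENGTH_THRESHOLD:
        # Ethernet II: the field is a Type. Padding cannot be told apart here;
        # the upper-layer protocol (e.g. IP's total length) says where the data ends.
        kind, ethertype, data = "Ethernet II", tl, body[offset:]
    else:
        # IEEE 802.3: the field is a Length, so the pad can be stripped exactly.
        kind, ethertype, data = "IEEE 802.3", None, body[offset:offset + tl]
    return {"kind": kind, "dst": mac_str(dst), "src": mac_str(src),
            "src_oui": mac_str(src[:3]), "vlan": vlan, "ethertype": ethertype,
            "data": data, "frame_len": len(frame)}

DST = bytes.fromhex("0002443760FA")   # the MAC address quoted in the text
SRC = bytes.fromhex("000244376001")   # hypothetical neighbouring card from the same manufacturer

if __name__ == "__main__":
    ip_frame = build_frame(DST, SRC, 0x0800, b"abc")   # padded up to the 64-byte minimum
    print(parse_frame(ip_frame))
    print(parse_frame(add_vlan_tag(ip_frame, vlan_id=10, priority=5)))
    print(parse_frame(build_frame(DST, SRC, 3, b"LLC")))
```

Flipping any byte of a frame before passing it to parse_frame raises the FCS error, which is exactly the discard a Store-and-Forward switch performs; the tagged frame is four bytes longer than the original and carries a fresh FCS.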
Ethernet Developments
Originally, Ethernet LANs always used coaxial cable. The cable formed a phys-
ical bus to which the stations were attached. To this day, the standard graphical
see which station the frame is for. If it sees its own address it will read the message;
otherwise it will ignore it. When the frame gets back to the sending station, the
sender frees up the token and puts it back onto the ring.
The topology is a physical star, with all the stations connected to a hub as
shown in Fig. 4.17. However, the logical topology is a ring, in which the flow
of information is controlled in a ring. (Hub-based Ethernet networks are ‘physical
star, logical bus’: the network works on a bus principle but is wired as a star.)
The data rate of Token Ring networks was originally 4 Mbps. It then increased
to 16 Mbps and ultimately reached 100 Mbps. Token Ring can guarantee that the
maximum waiting time before gaining access to the network will not be above
a certain figure. Such a network is termed deterministic. By contrast, Ethernet is
regarded as non-deterministic. Token Ring was a good technology but Ethernet
was cheaper and has largely displaced it.
FDDI is a large-scale, ring-based token passing system, with built-in fault toler-
ance, that was designed to take advantage of fibre-optic cabling. Again, Ethernet
has largely supplanted it.
4.4 Summary
This chapter has looked at various aspects of LANs. The chapter started with an
account of some of the factors that need to be considered when planning a LAN.
Factors affecting the choices between peer-to-peer and client-server LANs and
between wired and wireless networks were then considered. Various components
and devices for both wired LANs and WLANs were also described. Ethernet, being
by far the most important LAN technology, was covered at some length. Then,
some other wired LAN technologies were described. The chapter finished with a
brief sketch of SANs.
4.5 Questions
1. What are the advantages and disadvantages of client-server LANs?
2. What is a NIC and what does it do?
3. What advantages do Ethernet switches possess over Ethernet hubs?
4. What are virtual LANs (VLANs) and why are they useful?
5. Explain the three different modes of operation of layer-2 switches.
6. Describe the two sub-layers at the Data Link Layer of LAN protocols.
7. Describe how shared Ethernet controls access to the medium.
8. Why is it necessary to have a maximum and a minimum frame length when
using Ethernet?
9. Describe the Token-Ring access method.
10. (a) What is the purpose of SANs and what network technologies do they use?
(b) How do SANs differ from network attached storage (NAS)? (Answering
(b) will involve some research outside this text.)
5 Wide Area Networks
Wide area networks (WANs) were briefly introduced in Section 1.2. We now look
at WANs in a little more detail. The chapter starts with a look at the general charac-
teristics of WANs. After a brief mention of the use of the public switched telephone
network (PSTN) for computer networks, two packet-switching technologies, X.25
and Frame Relay, are described. Integrated Services Digital Network (ISDN), an
all-digital, circuit-switched service, comes next. Digital leased lines are then de-
scribed. This is followed by coverage of digital subscriber line and cable modem,
which offer alternative ‘always-on’ broadband services. Then, some ways of ac-
cessing LANs remotely are described. Next is a section on routers, which are
devices that are used to connect networks together. Finally, the use in WANs of
two technologies that were described in Chapter 4, ATM and Ethernet, is covered.
voice traffic rather than data, conversion of the digital signals from the computer
into the kind of signals that can be carried over the PSTN is necessary. Most of the
PSTN (the trunk lines) has been digital for several years, but the local loop, the
line between the customer premises and the local exchange, is normally analogue.
In Section 2.4.4, the differences between analogue and digital signalling were
explained. Amplitude, frequency and phase modulation and how these can be made
use of in the modem were also explained (please see Section 2.5). Figure 5.1 shows
modems being used to connect two PCs over a phone line.
the trunk lines and the local loop are digital. Such an arrangement means that all
sorts of data can be sent using the same system, since everything travelling over
the network is a stream of bits. In other words, the network can offer integrated
services of several different kinds.
There are two different kinds of ISDN: Basic Rate Interface (BRI) and Primary
Rate Interface (PRI). Both are circuit-switched services. BRI is for small businesses
or home users. BRI has two 64-kbps channels that can carry voice or data traffic.
These are known as bearer channels (B channels). In addition, there is a 16-kbps
delta channel (D channel) that is primarily used for signalling. However, since this
channel does not have to carry much signalling traffic, it is often used to provide
a slow X.25-type packet switching service.
For larger businesses ISDN PRI exists. This has 30 (23 in North America)
64-kbps B channels and a 64-kbps D channel. The total bit rate of ISDN primary rate
(except in North America) is 2.048 Mbps. Many B channels can be simultaneously
connected, making PRI ISDN suitable for such applications as videoconferencing.
This can be rather expensive, however.
BRI has been very convenient for small businesses. Compared with the analogue
PSTN (see Section 5.2 above), ISDN has a very short call setup time (of the order
of a second, compared with the lengthy handshaking of an analogue modem). Just
one of its B channels (64 kbps) offers a higher data rate than an analogue modem
link. Using bonding, the two 64-kbps B channels can be combined to give an
effective throughput of 128 kbps. (Bonding has also been used with analogue
modems.)
ISDN can be used to top up the capacity of a leased line connection (see Section
5.6 for information about leased lines). A router can be configured to open an
ISDN link whenever the leased line is being used above a certain threshold. The
leased line alone is normally in use. The ISDN line is used only when demand
reaches a peak.
ISDN can also be used to back up a leased line. For example, a certain company
might have a site in London and a site in Manchester connected by a leased line.
If the leased line goes down, a backup ISDN line can replace it for as long as
necessary. A router can be configured to bring the ISDN connection into play
automatically.
Charges for ISDN lines are similar to those for ordinary fixed-line telephone
lines. There is normally an installation charge and a quarterly line rental charge,
but most of the money that the customer pays is for how long the line is used. Such
a charging structure makes ISDN economical for fairly light usage.
At one time, leased lines always used to be analogue but digital leased lines
have now taken over almost completely. To connect to an analogue leased line,
a special, synchronous modem is needed at each end of the line. The equipment
that organisations usually use with a digital leased line consists of a router and
a device called a Channel Service Unit/Data Service Unit (CSU/DSU) at each
end of the link. The CSU/DSU may take the form of a card that is fitted to a
router or computer, or may be contained in a separate box, as is shown in Fig.
5.5. The CSU/DSU is the DCE device that connects to the digital line. It performs
conversion between the kind of data frames used on the LAN and those used on
the WAN link. The CSU/DSU also protects the carrier’s network from damage
that could be caused by the customer’s network. The link between the router and
the CSU/DSU in Fig. 5.5 is a serial cable using a protocol such as EIA/TIA-232
or a near equivalent at the Physical Layer.
Leased lines can be shared using multiplexers (see Fig. 5.6). This helps to keep
costs down because both voice traffic and data traffic can share the line. Some
CSU/DSUs have multiple ports and have a built-in multiplexing capability.
The digital leased line services available in Europe and much of the rest of the
world are the E-carrier series. The T-carrier series of digital leased line services
is used in North America and a few other places. There are a few differences
between the E-carriers and T-carriers, such as the data rates offered. For example,
the E3 standard offers a data rate of 34.368 Mbps, whereas the equivalent T-carrier
standard, T3, offers a data rate of 44.736 Mbps.
Internet. The data rates that can be obtained are similar to those offered by DSL.
Cable modems are rarely used by businesses, as they are considered too unreliable
and insecure.
Figure 5.8 shows a part of a typical cable modem network. The cable modem
modulates and demodulates computer data for transmission and reception via the
cable TV system. The head-end is the place where the cable company is connected
to the Internet and where it receives television channels. Fibre-optic cable carries
the signals most of the way from the head-end to the customer’s house, but coaxial
cable is used for the last part of the journey. Data over Cable Service Interface
Specification (DOCSIS) defines the standards for transferring data using a cable
modem system.
5.10 Routers
As we learnt in Section 4.1.3, when we need to connect two or more networks
together, a router is usually necessary. With suitable software, any PC can act
as a router. But usually the term router refers to a special machine that does not
function as a general-purpose computer. The basic components of a specialised
router are the same as those of a normal PC. There is a processor, some memory,
a system bus and input/output interfaces. But in a dedicated router, unlike in an
ordinary PC, there will also be a specialised operating system, which can run the
router’s configuration files. The configuration files contain rules and instructions
to control the way in which data packets flow through the router. The router uses a
routing protocol to decide on the optimal path for packets. Routing protocols are
discussed in more detail in Chapter 6, but here let it suffice to say that the routing
protocol is completely different from the protocol that is being routed, such as IP.
Here is a very simple example of a router configuration file. Configuration files
can be much more complex than this.
interface Ethernet0/0
ip address 192.7.6.1/24
no shutdown
interface Serial0/0/0
ip address 201.26.12.1/24
no shutdown
router rip
network 192.7.6.0
network 201.26.12.0
This router has two interfaces—one Ethernet interface (Ethernet0/0) and one serial
interface (Serial0/0/0). Figure 5.9 shows a simplified rear view of such a router.
The Ethernet interface is used to connect to a LAN and the serial interface is used
to connect to a WAN, perhaps via another device such as a CSU/DSU or a modem.
In each of the first two sections of the configuration file, the first line states which
interface is being configured. The second line gives the interface an IP address
and subnet mask (subnet masks are explained in Section 6.1.6). The third line (‘no
shutdown’) makes the interface active.
The last section of the file indicates that the router is to use the Routing Information
Protocol (RIP), which is a routing protocol. The command ‘router rip’ makes
the router exchange routing tables with neighbouring routers automatically every
few seconds (every 30 seconds by default). A router’s routing table contains its
knowledge about open paths through networks. It is possible for a network
administrator to configure static routes, but it is usually more convenient to allow
a routing protocol to maintain the routing tables dynamically. Note that a router
running RIP believes whatever routes its neighbours advertise, so the protocol
should only be spoken on interfaces that face routers the administrator trusts.
The networks to which the router is attached are listed in the last two lines of
the configuration file. These two lines tell the router that these are the networks
about which it must inform its neighbouring routers. This configuration file is
for a Cisco® router and uses commands from the Cisco Internetwork Operating
System® (IOS), but configuration files for other makes of router are fairly similar.
The interconnected networks are known as an internetwork. The internetwork that
is referred to in the sample configuration file given above is illustrated in Fig. 5.10.
The other router shown in Fig. 5.10 would also have its own configuration file.
Routers can be used to segment LANs but their main use is in WANs. They
work at OSI layer 3, the Network Layer. They examine layer-3 packets such as IP
datagrams. Since they are able to understand layer-3 addressing, they can make
decisions about where to send packets based on network addresses. The central
capabilities of a router are an ability to select the best path for a packet and an
ability to switch it to the correct interface. The router finds out the best path by
consulting its routing table.
A router’s routing table contains an entry for at least some of the routers in the
system of which it is a part. The entry shows on which link a packet should be
transmitted when the final destination is that node. Table 5.1 shows the routing
table for Router A in Fig. 5.11. This is a simplified example. The exact format of
the routing table would depend on the type of the router and the routing protocol in
use. The symbol used in Fig. 5.11 that looks like a drum with arrows on top of it is
the standard symbol for a router. This symbol is shown more clearly in Fig. 5.12.
In Table 5.1, there are multiple entries for all nodes (except A) in case of a
failure. If either a router or a link goes down, it is important that there are alternative
possibilities for routes. For example, imagine that a packet needs to be sent from
a PC on the LAN attached to router A to a PC on the LAN attached to router E.
The routing table suggests that the packet should be sent out of the router on link
4. However, if this is not possible because either link 4 or router D is down, there
is an alternative route via link 1 (or even link 2, though this would appear to be a
more roundabout route to router E).
We cannot tell which routes are really the best ones merely by inspecting
Table 5.1. Some routes use more links than others but some of those links may be
longer. It is quite possible that a route using four links may turn out to be shorter
than one that uses only two links. Some links may have higher data rates than
others, which might result in a route consisting of four links being better than one
with only two links. As we shall see in Chapter 6, some routing protocols use more
sophisticated metrics (ways of measuring how good routes are) than others.
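As an added example (not the book's Table 5.1), the following Python function performs the lookup a router makes against such a table: it keeps the most specific matching entry, discards routes whose outgoing link or next-hop router is down, and then chooses by hop count or by a path cost, so that a route with more links can win when its links are better. The networks, link numbers, costs and router names are constructed for the illustration and follow the pattern of Fig. 5.11 without being its values.

```python
import ipaddress

# Constructed routing table for a router "A" (not the book's Table 5.1).
# destination network -> list of (outgoing link, next-hop router, hop count, path cost),
# where path cost is the sum of per-link costs such as delay along the whole route.
ROUTES_A = {
    "10.5.0.0/16": [(4, "D", 2, 30), (1, "B", 3, 25), (2, "C", 4, 60)],  # LAN behind router E
    "10.5.4.0/24": [(4, "D", 2, 10)],                                      # a more specific subnet
    "0.0.0.0/0":   [(3, "ISP", 1, 5)],                                      # default route
}

def lookup(table, destination, down_links=(), down_routers=(), metric="hops"):
    """Choose the outgoing link for a packet: longest prefix first, then the cheapest
    route whose first link and next-hop router are both up. Returns (link, next_hop),
    or None when no usable route exists."""
    dst = ipaddress.ip_address(destination)
    candidates = []   # (prefix length, link, next hop, hops, cost)
    for net_str, routes in table.items():
        net = ipaddress.ip_network(net_str)
        if dst not in net:
            continue
        for link, next_hop, hops, cost in routes:
            if link in down_links or next_hop in down_routers:
                continue   # the route is treated as withdrawn
            candidates.append((net.prefixlen, link, next_hop, hops, cost))
    if not candidates:
        return None
    value = (lambda c: c[3]) if metric == "hops" else (lambda c: c[4])
    best = min(candidates, key=lambda c: (-c[0], value(c)))   # most specific, then cheapest
    return best[1], best[2]

if __name__ == "__main__":
    print(lookup(ROUTES_A, "10.5.9.1"))                        # (4, 'D'): fewest hops
    print(lookup(ROUTES_A, "10.5.9.1", down_links={4}))       # (1, 'B'): link 4 has failed
    print(lookup(ROUTES_A, "10.5.9.1", down_routers={"D"}))   # (1, 'B'): router D has failed
    print(lookup(ROUTES_A, "10.5.9.1", metric="cost"))        # (1, 'B'): more links but cheaper
    print(lookup(ROUTES_A, "10.5.4.7"))                        # (4, 'D'): the /24 beats the /16
    print(lookup(ROUTES_A, "8.8.8.8", down_links={3}))        # None: default route unusable
```

Filtering out failed links before the longest-prefix match models what a real router does when a route is withdrawn: the packet for 10.5.4.7 falls back from the /24 entry to the /16 entry's alternative path rather than being dropped.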
steady supply of bandwidth. Examples of such applications include voice and full-
motion video, where it is important that latency and jitter are kept to a minimum.
Variable bit rate (VBR) is for LAN-type traffic, which happens in bursts. VBR
includes real-time and non-real-time service classes (VBR-RT & VBR-NRT). Un-
specified bit rate (UBR) gives no guarantees as to if or when transmitted data
will arrive at the destination. Available bit rate (ABR) gives minimal bandwidth
guarantees.
5.13 Summary
This chapter has looked at various aspects of WANs. The analogue PSTN can
be used for computer communications if nothing better is available. However,
businesses usually use other WAN technologies. The packet-switching technology
X.25 was the forerunner of the much faster Frame Relay. ISDN is an all-digital,
circuit-switched service, which can be used for voice and data of various kinds.
Digital leased lines can be used for point-to-point connections. The various forms
of DSL offer an ‘always-on’ broadband service, using the copper lines that were
installed for the ‘last mile’ of the PSTN. Cable modem offers a similar service over
a cable TV infrastructure. Three different ways of accessing LANs remotely were
described. Routers are important devices that are used to connect networks. ATM,
although it has been used in LANs to a limited extent, was expressly designed to
carry multimedia information over long distances. Ethernet, though fundamentally
a LAN technology, is also used for WANs.
5.14 Questions
1. Explain the difference between DTE and DCE.
2. What does ‘CIR’ stand for and what is its purpose in Frame-Relay service
agreements?
3. What do ‘BRI’ and ‘PRI’ stand for? Explain the differences between these
two kinds of ISDN.
4. How long would it take to transfer a 250-MB file over an ISDN link of 64
kbps? Is the answer realistic?
5. What does a CSU/DSU do?
6. What is the difference between ADSL and SDSL?
7. Distinguish between the Remote Control and Remote Node methods for re-
mote access to LANs.
8. Using Table 5.1 as a model, construct the routing table for router D in Fig. 5.11.
9. Explain the ATM classes of service.
10. Which WAN service would you recommend for the following applications?
(a) videoconferencing (i.e., transmitting video and audio back and forth be-
tween two or more different sites)
(b) low-speed connection to the Internet
(c) high-speed connection to the Internet
6 Network Protocols
This chapter deals with network protocols of various kinds, especially transmission
control protocol/Internet protocol (TCP/IP) and related protocols. It concentrates
heavily on IP and TCP themselves. While some attention is given to version 6 of
IP, material on IP version 4 occupies most space in the section about IP. A section
on Internet Control Message Protocol (ICMP), which is used on TCP/IP networks
to send error messages and informational messages of various kinds, precedes
the material on TCP. High-Level Data Link Control (HDLC), a layer-2 protocol
that is used in WANs, features next. Multiprotocol label switching, which permits
highly efficient routing, is briefly covered. Finally, two different classes of routing
protocols, which allow routers to inform each other about networks that they know
about without human intervention, are described.
Address Classes
Three classes of IP address cater for large, medium-sized and small networks.
Class A addresses are for large networks, Class B for medium-sized networks and
Class C for small networks. (In addition to these three classes, Class D exists for
multicasting, sending the same message to a group of hosts, and Class E exists for
research use.) Classes A, B and C are illustrated in Fig. 6.1.
With three octets given over to host addresses, each Class A address makes
available over 16 million host addresses. Only the leftmost octet is used for the
network portion of the address and the other three octets are for the host portion.
The leftmost bit of a Class A address is always 0. The address 127.0.0.1 (loopback
address or localhost) is used for testing IP software. Any address whose leftmost
octet is a decimal value between 1 and 126 inclusive is a Class A address.
Class B addresses were intended for medium-sized networks. The first two octets
are used for the network part of the address and the last two are for the host part
of the address. The leftmost two bits of the first octet are always 10 in a Class B
address. An address whose leftmost octet is a decimal value between 128 and 191
inclusive is a Class B address.
Class C addresses were designed for small networks with no more than 254 hosts.
All Class C addresses begin with the three bits 110. An address whose leftmost
octet is a decimal value between 192 and 223 inclusive is a Class C address. The
first three octets are used for the network part of the address and the last octet is
the host part of the address. Table 6.1 shows the ranges of the leftmost octet in
address classes A to C.
these; other routers will not. The situation in LAN B is just the same in this respect.
As we can see in Fig. 6.2, LAN B’s network address is 194.216.5.0.
Note that the router interface in Network A has an IP Address that belongs to
Network A; the interface in Network B has an IP address from Network B. Not
shown in Fig. 6.2 is the address of the router’s WAN interface, which will be
completely different from the addresses on its two Ethernet interfaces.
An example of a Class A network address is 117.0.0.0. 117.0.0.13, for example,
is a host on that network. In a Class A address, the first octet is the network portion
and the last three octets are the host portion. A Class B example is 183.22.0.0.
183.22.0.254 is an example of a host on that network. In a Class B address, the
first and second octets are the network portion and the remaining two octets are
the host portion.
Another IP address that we cannot use as a host address is the broadcast address.
The broadcast address is illustrated in Fig. 6.3. The address 194.216.4.255 will
reach all network interfaces belonging to LAN A. The address 194.216.5.255 will
reach all network interfaces belonging to LAN B. If data is sent to the broadcast
address, it will go to all the hosts on the LAN. When a host sends data to all
hosts on a network at once, this is called a broadcast. In binary, the host part of
a broadcast address is all 1s. For example, the broadcast address for LAN A is
11000010.11011000.00000100.11111111 in binary.
packet needs both the IP and the MAC address of the destination. Network devices
maintain Address Resolution Protocol (ARP) tables, which contain the correspon-
dences between the IP addresses and the MAC addresses of other devices on their
LAN. ARP tables are kept in random access memory (RAM). Whenever a network
device needs to transmit data, it consults its ARP table. A typical ARP table is
shown in Table 6.2.
Once the sending device knows the IP address of the destination, it needs to
know the MAC address too. It looks in its ARP table for this. If it finds an entry in
the table for the destination IP address, it can look up the destination MAC address
from there.
A network device builds its ARP table in two ways. First of all, it has to analyse
the traffic on its Ethernet segment to find out whether data that has been sent out
is for it. During this process, it writes the IP addresses of datagrams that it sees
and their associated MAC addresses to the ARP table. But sometimes a computer
wants to send a message to a station whose MAC address is not in its ARP table.
In this case, it has to send out an ARP request.
The ARP request is a broadcast to all devices in the network. The ARP request
packet contains the sender’s hardware Ethernet address and its IP address. It also
includes the target machine’s IP address. All the network devices examine the ARP
request packet that has been broadcast to them. If one of these finds that its own
IP address is the target address, it will respond directly to the enquiring device
with its Ethernet address. The sender now has the target’s Ethernet address and
can encapsulate its IP datagram inside an Ethernet frame and send it off. The ARP
request and response is illustrated in Fig. 6.4.
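The two ways an ARP table is filled (listening to traffic, and broadcasting a request when the target is not in the table) can be modelled on a single segment. This is an added example, not code from the book; the station addresses are constructed (the MAC addresses come from the documentation range) and the class and function names are the author's own.

```python
"""ARP table lookup and the request/reply exchange on one Ethernet segment."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Station:
    ip: str
    mac: str
    # The ARP table: IP address -> MAC address for devices on this LAN (kept in RAM).
    arp_table: dict[str, str] = field(default_factory=dict)

    def learn(self, ip: str, mac: str) -> None:
        """First way the table fills: note IP/MAC pairs seen in traffic on the segment."""
        self.arp_table[ip] = mac

    def on_arp_request(self, sender_ip: str, sender_mac: str, target_ip: str) -> str | None:
        """Every station examines the broadcast request; only the one whose IP matches answers.
        The request carries the sender's own pair, so stations learn it as a side effect."""
        self.learn(sender_ip, sender_mac)
        return self.mac if self.ip == target_ip else None


def resolve(sender: Station, target_ip: str, segment: list[Station]) -> str | None:
    """Second way: MAC for target_ip from the table if present, otherwise by broadcasting
    an ARP request to everyone on the segment. None means nobody claimed the address."""
    cached = sender.arp_table.get(target_ip)
    if cached is not None:
        return cached
    for station in segment:
        if station is sender:
            continue
        reply = station.on_arp_request(sender.ip, sender.mac, target_ip)
        if reply is not None:
            sender.learn(target_ip, reply)      # cache the answer for later datagrams
            return reply
    return None


def build_segment() -> list[Station]:
    """Constructed LAN A hosts; the MAC addresses are taken from the documentation range."""
    return [
        Station("194.216.4.1", "00:00:5e:00:53:01"),
        Station("194.216.4.2", "00:00:5e:00:53:02"),
        Station("194.216.4.3", "00:00:5e:00:53:03"),
    ]
```

Note that nothing in the exchange checks that the replying station is entitled to the address it claims; a real table is built entirely on trust in the segment, which is why switches offer features such as dynamic ARP inspection and why a mapping that changes unexpectedly is worth logging.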
6.1.4 Fragmentation
When an IP datagram arrives at a network device in a data link frame, the re-
ceiver extracts the datagram and discards the frame header. Each network in an
Internet (two or more interconnected networks) may be different at the Data Link
Layer. Fig. 6.5 shows what happens to an IP datagram at each stage of its journey
across an Internet. Whenever it goes across a particular network, the datagram is
encapsulated in the correct type of frame for this network.
Every network has a maximum transmission unit (MTU). For example, the stan-
dard Ethernet MTU is 1500 bytes and that of 16-Mbps token ring is 17,914 bytes,
but the standard MTU for the Internet is only 576 bytes. Therefore, it is quite
possible that an IP datagram may be too large for a particular network across
which it has to travel. In this case the datagram has to be fragmented (divided
up into smaller pieces). When a router receives an IP datagram bigger than the
MTU of the network that it is going to be sent over, it divides the datagram
into fragments. When the datagram reaches the destination, it must be reassem-
bled (put back together again). Fragmentation and reassembly are illustrated in
Fig. 6.6.
An IP datagram starts its journey on the left-hand side of Fig. 6.6, where it
is in a token ring LAN with a large MTU size. Since the next network is an
Network Protocols 85
Ethernet LAN, the router that connects the two LANs together has to fragment the
original datagram into smaller pieces. The next router along knows that the data
must now be put onto a WAN with an even smaller MTU size than the Ethernet
LAN had, so it has to fragment again. The final router does not need to do any
fragmentation, as the datagram is now moving to another Ethernet LAN, which has
a larger MTU than the WAN network. Finally, the target computer reassembles the
fragments using information that was put into their headers when the fragmentation
happened.
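The journey in Fig. 6.6 (a large token ring MTU, then Ethernet, then a smaller WAN MTU, then Ethernet again, with reassembly only at the destination) can be simulated with the three IP header fields that make it work: the Identification, the More Fragments flag and the Fragment Offset in units of 8 bytes. This is an added example, not the book's code; it assumes a 20-byte IP header with no options, and the MTU values are those quoted in the text.

```python
"""IP fragmentation and reassembly across networks with different MTUs."""
from __future__ import annotations
from dataclasses import dataclass

IP_HEADER_LEN = 20   # assumed: no IP options


@dataclass
class Fragment:
    ident: int        # Identification: the same for every piece of one datagram
    offset: int       # Fragment Offset, in units of 8 bytes
    more: bool        # More Fragments flag: True on all but the last piece
    payload: bytes


def fragment(frags: list[Fragment], mtu: int) -> list[Fragment]:
    """Re-fragment every piece that does not fit a link whose MTU is `mtu`.
    A router never reassembles; it only splits what it cannot forward whole."""
    max_payload = (mtu - IP_HEADER_LEN) // 8 * 8   # all but the last piece hold a multiple of 8
    out: list[Fragment] = []
    for f in frags:
        if IP_HEADER_LEN + len(f.payload) <= mtu:
            out.append(f)
            continue
        pos = 0
        while pos < len(f.payload):
            chunk = f.payload[pos:pos + max_payload]
            last_piece = pos + len(chunk) >= len(f.payload)
            # The last piece of a fragment inherits that fragment's More flag.
            out.append(Fragment(f.ident, f.offset + pos // 8, f.more or not last_piece, chunk))
            pos += len(chunk)
    return out


def reassemble(frags: list[Fragment]) -> bytes | None:
    """Put the pieces back together at the destination using offset and More flag.
    Returns None if a piece is missing (a gap, or no final piece with More=0)."""
    frags = sorted(frags, key=lambda f: f.offset)
    buf = bytearray()
    expected = 0
    for f in frags:
        if f.offset * 8 != expected:
            return None
        buf += f.payload
        expected += len(f.payload)
    if not frags or frags[-1].more:
        return None
    return bytes(buf)


def send_across(payload: bytes, path_mtus: list[int], ident: int = 0x1234) -> list[Fragment]:
    """Carry one datagram over each network in turn, fragmenting wherever it is too big."""
    frags = [Fragment(ident, 0, False, payload)]
    for mtu in path_mtus:
        frags = fragment(frags, mtu)
    return frags


# MTUs from the text: token ring 17,914; Ethernet 1500; Internet-wide WAN 576; Ethernet 1500.
FIG_6_6_PATH = [17914, 1500, 576, 1500]
```

A 4000-byte datagram on this path becomes three fragments at the first router and eight at the second; the third router passes all eight untouched because 576 bytes fits an Ethernet frame. Dropping any one fragment makes `reassemble` return None, which is why a destination keeps a reassembly timer rather than waiting forever.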
If the client gets more than one offer, it selects the best, for example the one with
the longest lease. It sends out a broadcast asking to lease this IP address. The
DHCP server that made the best offer responds and all the other servers rescind
their offers.
Using an auto-configuration protocol such as DHCP is advantageous in large
networks. This avoids having to configure a large number of machines by hand.
New machines can be added to the network more easily. There is less chance of
making errors (for example, duplicate IP addresses being configured).
(see Section 6.1.1) appears to be rather wasteful. For example, certain large or-
ganisations took all the Class A addresses long ago, even though they could not
actually use all the 16 million plus host addresses that belong to each Class A
network. There have been several partial solutions to the shortage of addresses.
These include private IP addresses, network address translation (NAT), subnet-
ting, variable-length subnet masks (VLSM) and classless inter-domain routing.
The ultimate solution, IPv6, is covered in Section 6.1.7.
Private IP Addresses
Certain ranges of IP addresses are reserved for use as private addresses. These can
be used only within a private network and cannot be used on public networks. The
ranges are shown in Table 6.3. The same private addresses can be used simultane-
ously in many different networks all over the world.
coming from only one computer, which has only one IP address. An example of
NAT is shown in Fig. 6.10. It can be seen in the figure that one of the interfaces of
the router and all the other devices on the internal network have private addresses
ranging from 192.168.0.1 to 192.168.0.5. The interface that is connected to the
Internet has a completely different (public) address. The NAT router uses a port
mapping table, so that it knows which device on the internal network is sending or
receiving data via the external address at any one time. (Port numbers are explained
in Section 6.2.6.)
Another advantage of NAT is that it hides the internal structure of the network
from any potential attacker. The attacker is not given an idea of how many hosts
there are on the internal network or how these are organised.
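The private ranges and the port-mapping table of Fig. 6.10 can be written down directly. The example below is added and is not the book's code; the private ranges are those reserved by RFC 1918 (the book's Table 6.3 is not reproduced on this page), the public address 203.0.113.1 is taken from the documentation range, and the class and function names are the author's own.

```python
"""RFC 1918 private-address check and a NAT router's port-mapping table."""
from __future__ import annotations

# Private ranges reserved by RFC 1918, written as (network, prefix length).
PRIVATE_RANGES = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def dotted_to_int(addr: str) -> int:
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def is_private(addr: str) -> bool:
    """True if addr falls inside one of the reserved private ranges."""
    n = dotted_to_int(addr)
    for net, plen in PRIVATE_RANGES:
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        if n & mask == dotted_to_int(net):
            return True
    return False


class NatRouter:
    """Many internal hosts share one public address; the mapping table records, per flow,
    which internal (address, port) owns each port on the public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound: dict[tuple[str, int], int] = {}   # (private ip, port) -> public port
        self.inbound: dict[int, tuple[str, int]] = {}    # public port -> (private ip, port)

    def translate_outbound(self, src_ip: str, src_port: int) -> tuple[str, int]:
        """Rewrite the source of an outgoing packet; allocate a table entry on first use."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address; nothing to translate")
        key = (src_ip, src_port)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, dst_port: int) -> tuple[str, int] | None:
        """A packet arriving at the public address: find the internal host it belongs to.
        None means no internal host started this flow, so the router has nowhere to send
        it and drops it; this is the sense in which NAT hides the internal network."""
        return self.inbound.get(dst_port)
```

The table is keyed on the internal address and port together, so two hosts using the same source port get different public ports; a packet for a public port with no entry is dropped rather than forwarded to a guess.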
Subnetting
Subnetting is another technique that is used to make the most efficient use of
IPv4 addresses. As part of the discussion, we will first investigate standard subnet
masks. Any Internet device that is using IP needs to find out what IP network a
given network device belongs to (including its own network interface). It does this
by performing a logical AND operation on its address and subnet mask. Table 6.4
shows the standard subnet masks for the three address classes with two alternative
ways of expressing the masks.
According to Table 6.4, the standard subnet mask for a Class C address is
255.255.255.0 or /24. Such a subnet mask indicates that the first three octets of
the address are network bits and the last octet is host bits. The reader can try for
himself or herself to relate the masks for Classes A and B to the information on
these address classes that is given in Section 6.1.1. In binary, the standard Class
C subnet mask is 11111111.11111111.11111111.00000000. Let us now see what
happens when a network device needs to know to which network a given Class
C address, say 192.168.0.2, belongs. It performs a bitwise logical AND operation
between 192.168.0.2 and 255.255.255.0, the standard Class C subnet mask. In
binary, this is as follows:
Address:     11000000.10101000.00000000.00000010
Subnet Mask: 11111111.11111111.11111111.00000000
Result:      11000000.10101000.00000000.00000000
The result of the AND-ing operation is that the network device now knows that
the device with address 192.168.0.2 belongs to the 192.168.0.0 network. Although
a human being can see this at a glance, a machine, having no intuition, has to work
it out using a logical operation. Although this may seem to be a clumsy process,
a computer can carry out logical operations of this sort extremely fast. When a
router receives an IP datagram, it has to find out which network it belongs to by
applying the appropriate subnet mask. It can then consult its routing table to find
out which network to forward it to.
So far, the reader will probably have received the impression that the system of
address classes is inflexible. However, there is an alternative to using the standard
subnet masks. It is possible to use custom subnet masks and ultimately to move
the boundary between the network and host parts of the address almost at will.
Part of the host field of the address can be used as part of the network field. This
allows a network to be divided into interior networks (subnets). Externally, only
one network address is sufficient to access the site. A great advantage of this system
is that it keeps the size of external routing tables to a minimum. An example of a
custom subnet mask is given in Fig. 6.11.
[Fig. 6.11: Class C network with subnet mask 255.255.255.128]
In Fig. 6.11, we see that the first host bit of the last octet has been ‘bor-
rowed’ to become part of the network field. Whereas the standard Class C sub-
net mask (255.255.255.0) would give no subnets and 254 hosts, a subnet mask
of 255.255.255.128 gives two subnets with 126 hosts on each subnet. Fig. 6.12
shows the effect of various custom Class C subnet masks on the number of subnets
and hosts that are available. We can see from the figure that as the number of
subnets increases, the number of hosts that are possible on each subnet decreases.
The node number of a host on a given subnet is added to the subnet address to
give the complete IP address for the node. For example, with a subnet mask of
255.255.255.128 and a network address of 193.78.142.128, host 1 on this network
would have the IP address 193.78.142.129.
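The AND operation, the effect of borrowing host bits from a Class C address (Fig. 6.12) and the composition of a host address from subnet address and node number are all small bit manipulations; the following added example (not the book's code, function names chosen by the author) carries them out and refuses masks that are not a contiguous run of 1s, a mistake that the AND operation alone would not catch.

```python
"""Subnet-mask arithmetic: the AND operation, custom Class C masks, host addresses."""
from __future__ import annotations


def dotted_to_int(addr: str) -> int:
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00 and so on."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """255.255.255.128 -> 25; a valid mask is a run of 1s followed by a run of 0s."""
    m = dotted_to_int(mask)
    prefix = bin(m).count("1")
    if m != prefix_to_mask(prefix):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return prefix


def network_of(addr: str, mask: str) -> str:
    """The bitwise AND the text describes: 192.168.0.2 AND 255.255.255.0 -> 192.168.0.0."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))


def class_c_subnets(mask: str) -> tuple[int, int]:
    """(number of subnets, usable hosts per subnet) for a custom Class C mask.
    With no borrowed bits there is a single block (the text calls this 'no subnets')."""
    borrowed = mask_to_prefix(mask) - 24
    if not 0 <= borrowed <= 6:
        raise ValueError("Class C masks run from /24 to /30")
    subnets = 2 ** borrowed
    hosts = 2 ** (8 - borrowed) - 2      # all-0s (subnet) and all-1s (broadcast) are reserved
    return subnets, hosts


def host_address(subnet: str, mask: str, node: int) -> str:
    """Node number added to the subnet address; rejects numbers that do not fit the host bits."""
    host_bits = 32 - mask_to_prefix(mask)
    if not 1 <= node <= 2 ** host_bits - 2:
        raise ValueError(f"node {node} does not fit in {host_bits} host bits")
    return int_to_dotted(dotted_to_int(subnet) + node)
```

`host_address("193.78.142.128", "255.255.255.128", 1)` reproduces the 193.78.142.129 of the text, and `class_c_subnets("255.255.255.128")` the two subnets of 126 hosts.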
with 16 million available host addresses, were even more profligate. CIDR was
designed for Internet service providers (ISPs) so that they could put together con-
tiguous blocks of addresses to give efficient addressing schemes. Using CIDR a
block of addresses can be represented by just one summary address. This is termed
route summarisation or aggregation or supernetting.
For example, if an organisation needed about 1000 addresses, four Class C
networks of 250+ hosts each could be supernetted to represent approximately 1000
hosts with a single summarised address. Fig. 6.13 illustrates route aggregation.
Four Class C routers with a 24-bit mask are summarised at the ISP router with a
22-bit mask. The Class C addresses are as follows.
Router 1: 194.200.128.0 (binary: 11000010.11001000.10000000.00000000)
Subnet mask: 255.255.255.0 (binary: 11111111.11111111.11111111.00000000)
Router 2: 194.200.129.0 (binary: 11000010.11001000.10000001.00000000)
Subnet mask: 255.255.255.0 (binary: 11111111.11111111.11111111.00000000)
Router 3: 194.200.130.0 (binary: 11000010.11001000.10000010.00000000)
Subnet mask: 255.255.255.0 (binary: 11111111.11111111.11111111.00000000)
Router 4: 194.200.131.0 (binary: 11000010.11001000.10000011.00000000)
Subnet mask: 255.255.255.0 (binary: 11111111.11111111.11111111.00000000)
These are summarised as 194.200.128.0/22, which substantially reduces the size
of the ISP router’s routing table.
Those routing protocols that support VLSM also support CIDR. Note that the
subnet masks in the diagrams (for example, /24) are expressed using the CIDR
format rather than the older (255.255.255.0) format.
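The summarisation in Fig. 6.13 is the longest prefix shared by the four networks. The added example below (not from the book; function names chosen by the author) finds that prefix for any list of networks and also checks whether the summary is exact, that is, covers the listed networks and nothing more. The second check matters in practice: an aggregate that is wider than the blocks behind it advertises address space the router cannot actually deliver to.

```python
"""CIDR route summarisation: the single prefix that covers a block of networks."""
from __future__ import annotations


def dotted_to_int(addr: str) -> int:
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def parse_cidr(text: str) -> tuple[int, int]:
    """'194.200.128.0/24' -> (network as int, prefix length)."""
    addr, plen = text.split("/")
    return dotted_to_int(addr), int(plen)


def contains(summary: str, network: str) -> bool:
    """True if `network` lies inside `summary`."""
    s_net, s_len = parse_cidr(summary)
    n_net, n_len = parse_cidr(network)
    return n_len >= s_len and (n_net & prefix_to_mask(s_len)) == s_net


def summarise(networks: list[str]) -> str:
    """Shorten the prefix until every network agrees on the bits it keeps."""
    nets = [parse_cidr(n) for n in networks]
    plen = min(length for _, length in nets)
    first = nets[0][0]
    while plen > 0 and any((n & prefix_to_mask(plen)) != (first & prefix_to_mask(plen))
                           for n, _ in nets):
        plen -= 1
    return f"{int_to_dotted(first & prefix_to_mask(plen))}/{plen}"


def is_exact_aggregate(networks: list[str], summary: str) -> bool:
    """True when the summary covers exactly the listed networks: their sizes add up to the
    summary's size and each one is inside it (four /24s fill a /22; three do not)."""
    _, s_len = parse_cidr(summary)
    covered = sum(2 ** (32 - length) for _, length in (parse_cidr(n) for n in networks))
    return covered == 2 ** (32 - s_len) and all(contains(summary, n) for n in networks)


FIG_6_13_NETWORKS = ["194.200.128.0/24", "194.200.129.0/24",
                     "194.200.130.0/24", "194.200.131.0/24"]
```

`summarise(FIG_6_13_NETWORKS)` returns 194.200.128.0/22, the single entry the ISP router keeps; with only the first three networks the same /22 would still be the shortest common prefix but `is_exact_aggregate` reports that it over-covers.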
6.1.7 IP Version 6
IPv6 is the next generation of IP. It is designed to improve upon IPv4 in various
ways. It is easier to configure and more secure than IPv4. It is also designed to
support large-scale applications, peer-to-peer applications and mobile applications.
Diagrams showing the formats of the IPv6 datagram and the IPv6 base header can
be found in Appendix A.
The most obvious advantage of IPv6 is its addressing capacity. IPv6 uses 128-
bit network addressing instead of IPv4’s 32-bit addressing. 128-bit addressing
provides enough addresses to give every person alive today over a million addresses
each. There are no address classes in IPv6: the boundary between the network prefix
and host suffix can fall anywhere. Dotted decimal notation would be unwieldy,
and so ‘colon hexadecimal’ (colon hex) is used instead to represent the underlying
binary. Colon hex consists of groups of 16-bit numbers in hexadecimal separated
by colons, for example 6ADC:8564:FFFF:FFFF:0:1380:8E01:FFFF.
The format of the IPv6 header is very different from that of IPv4. The basic IPv6
header (base header) is simpler, with fewer fields. Any additional information is
stored in optional extension headers. This header system is extensible, allowing
new features to be added more easily than with IPv4. The header is only as large as
it needs to be, which gives greater efficiency. A flow label is included in the base
header. The flow label is used to forward datagrams along a prearranged path so
that demanding applications such as audio and video can get the quality of service
that they need.
Address auto-configuration is built into IPv6. It allows a large number of IP
hosts to discover the network easily and to get new, globally unique addresses.
This means that devices such as mobile phones, small handheld computers and
various domestic appliances can be deployed on a ‘plug-and-play’ basis. There is
no need for manual configuration or DHCP servers as with IPv4. Duplicate address
detection (DAD) is built in.
Security in IPv6 is better than in IPv4 in that the IP security protocol (IPSec) is
mandatory in IPv6 but only optional in IPv4. (IPSec is explained in Section 8.2.1.)
IPv6 makes encryption (scrambling data to keep it secure), authentication (finding
out if someone or something is who or what he/she/it claims to be) and VPNs easier
to implement. It offers access control, confidentiality and data integrity without
needing extra firewalls (firewalls are described in Section 8.3).
IPv6 uses multicasts instead of broadcasts for such purposes as router discov-
ery and router solicitation requests. This saves network bandwidth and improves
network efficiency. Mobile IP is part of IPv6. It allows mobile computers to keep
their network connections while roaming about.
IPv4 and IPv6 need to be able to coexist. The Internet is such that there cannot
be a ‘big bang’, in which all IP-based communications suddenly switch from IPv4
to IPv6. Some parts of the world, for example Far Eastern countries such as China,
were much more receptive to IPv6 early on than countries such as the USA. The
fact that the USA had the lion’s share of IPv4 addresses goes some way towards
explaining this.
that the source host knows about such problems, and so ICMP exists to provide
an error-reporting mechanism. Various errors can be detected. One problem that
might occur is that a packet’s Time to Live (TTL) has expired. The TTL limits the
number of routers that a datagram is allowed to pass through before it is discarded
(see Fig. A.1 in Appendix A). The TTL is set when the source host sends the
datagram. It is decremented by every router that it passes through on its journey.
If the TTL ever gets down to zero, the datagram is thrown away. Another potential
problem is that, for some reason, there is no route to the destination network. It
may be impossible to deliver a datagram to the destination host because there was
no reply to an ARP request. Errors of these kinds can be reported to the source
host using ICMP. The router sends a message encapsulated in an IP datagram back
to the source. This message carries information about the problem that has arisen.
As well as error messages, ICMP is also used to transmit informational messages.
For example, it is used to discover a replacement router when a router has failed.
Ping, a very useful utility program for testing reachability, makes use of ICMP
echo request and echo reply. We shall now devote some space to an exploration of
Ping.
If datagrams can be delivered from IP host A to host B, we can say that A
is reachable from B. Ping tests reachability in the following way. Ping sends a
datagram from B to A (ICMP echo request). Host A echoes this datagram back
to B (ICMP echo reply). Here is an example in which a host is pinged from a
Microsoft Windows computer. By default there are four pings (and, it is to be
hoped, four replies) when using Windows.
ping bs47c
Pinging bs47c.staffs.ac.uk [193.60.1.15] with 32 bytes of data:
Reply from 193.60.1.15: bytes = 32 time < 10 ms TTL = 63
Reply from 193.60.1.15: bytes = 32 time = 1 ms TTL = 63
Reply from 193.60.1.15: bytes = 32 time < 10 ms TTL = 63
Reply from 193.60.1.15: bytes = 32 time < 10 ms TTL = 63
Ping statistics for 193.60.1.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0 ms, Maximum = 1 ms, Average = 0 ms
ICMP echo messages are also used by another very useful utility program called
traceroute (tracert in Windows). This can be employed to trace the complete route
from host X to host Y. The route is the list of all the routers along the path from X
to Y. Host X sends out ICMP echo messages with an increasing TTL. Whenever
a router decrements the TTL to 0, it sends back an ICMP message, including its
own address as the source address. When the TTL is 1, the echo message only
gets as far as the first router. The first router discards the echo message and sends
back an ICMP message saying that the TTL was exceeded. When the TTL is 2,
the message gets as far as the second router. The TTL is increased by 1 each time
host X has another attempt at sending the echo message until a message is received
back from the destination host. Here is an example in which a route is traced from
a Windows host.
tracert www.google.com
Tracing route to www.google.com [216.239.39.100] over a maximum of 30 hops:
1 8 ms 8 ms 8 ms 10.33.0.1
2 12 ms 6 ms 9 ms gsr01-du.blueyonder.co.uk [62.31.176.129]
3 10 ms 10 ms 7 ms 172.18.4.37
4 24 ms 33 ms 29 ms atm7-0-wol-hsd-gsr-linx.cableinet.net [194.117.158.130]
5 27 ms 25 ms 24 ms e41-isp1-gw1-uk.cableinet.net [194.117.140.9]
6 25 ms 25 ms 27 ms ibr01-g2-0.linx01.exodus.net [195.66.224.69]
7 26 ms 25 ms 27 ms 212.62.2.209
8 111 ms 10 ms 112 ms bbr02-p1-2.whkn01.exodus.net [209.185.249.133]
9 104 ms 105 ms 112 ms bbr01-p3-0.stng02.exodus.net [209.185.9.102]
10 105 ms 104 ms 106 ms dcr01-g2-0.stng02.exodus.net [216.109.66.1]
11 106 ms 105 ms 111 ms csr11-ve241.stng02.exodus.net [216.109.66.90]
12 103 ms 105 ms 106 ms 216.109.88.218
13 108 ms 105 ms 105 ms dcbi1-gige-1-1.google.com [216.239.47.46]
14 106 ms 103 ms 113 ms www.google.com [216.239.39.100]
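The TTL rule (decrement at every router, discard and report when it reaches 0) and the traceroute procedure built on it can be simulated without sending a packet. This is an added example, not the book's code; the router addresses are constructed from the first three hops of the tracert output above, the probing host's address 10.33.0.2 is invented, and the function names are the author's own.

```python
"""TTL handling hop by hop, and the traceroute procedure built on it."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Datagram:
    src: str
    dst: str
    ttl: int


def forward(dg: Datagram, routers: list[str], destination: str | None) -> tuple[str, str]:
    """Carry the datagram across the routers in order. Each router decrements the TTL and,
    if it reaches 0, discards the datagram and returns ICMP Time Exceeded with its own
    address as the source. `destination` is None when the last router has no route, which
    produces ICMP Destination Unreachable instead of an echo reply."""
    for router in routers:
        dg.ttl -= 1
        if dg.ttl == 0:
            return "time-exceeded", router
    if destination is None:
        return "destination-unreachable", routers[-1] if routers else dg.src
    return "echo-reply", destination


def traceroute(routers: list[str], destination: str | None,
               max_hops: int = 30) -> tuple[list[str], str]:
    """Send echo requests with TTL 1, 2, 3, ... and record who answered each probe.
    Stops when the destination itself replies, when an unreachable comes back, or at max_hops."""
    route: list[str] = []
    kind = "no-answer"
    for ttl in range(1, max_hops + 1):
        kind, who = forward(Datagram("10.33.0.2", destination or "?", ttl), routers, destination)
        route.append(who)
        if kind != "time-exceeded":
            break
    return route, kind


# Constructed path modelled on the first hops of the tracert output above.
EXAMPLE_ROUTERS = ["10.33.0.1", "62.31.176.129", "172.18.4.37"]
EXAMPLE_DESTINATION = "216.239.39.100"
```

Windows tracert uses ICMP echo requests, as the text says; the traditional UNIX traceroute sends UDP probes to an unused port and recognises the destination by the Port Unreachable it sends back. Either way, a router configured not to generate ICMP errors shows up as a missing hop, which is the usual reason for the asterisks seen in real traces.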
sliding windows. It ensures that the transfer of data is reliable by using sequence
numbers and acknowledgements (ACKs). A diagram showing the TCP segment
format can be found in Appendix A.
6.2.5 Windowing
The receiver needs to get all the data segments in the same order as they were
transmitted, undamaged and with no duplicate segments. One way to guarantee
this is to let the receiver acknowledge every data byte before the next one is
transmitted. This scheme is illustrated in Fig. 6.15.
However, making the sender wait for an ACK before sending every byte is rather
inefficient. Therefore, TCP, like most reliable connection-oriented protocols, lets
there be more than one unacknowledged data byte in transit at a time. The number
of outstanding, unacknowledged bytes is called the window size. (The reader is
invited to relate this discussion to the discussion of ARQ mechanisms that was
presented in Section 2.6.1.)
The ACKs that TCP uses are called ‘expectational’. This means that the ACK
number refers to the segment that is expected next. (The ACKs that are shown in
Fig. 6.15 are of this kind.) If the receiver finds that a segment is missing from a
sequence (that is, there is a missing sequence number) the segment is sent again.
[Fig. 6.15: Sender/Receiver exchange, one byte per ACK: Send Byte 1, Receive Byte 1,
Send ACK 2, Receive ACK 2, Send Byte 2, Receive Byte 2, Send ACK 3, Receive ACK 3]
The TCP window size is not fixed, but is negotiated dynamically during a session.
This windowing system is used for flow control. The sender and receiver may be
working at different speeds, so the receiver needs to be able to tell the sender
to stop sending any more data if its buffer is full. The receiver sends a window
advertisement. The advertisement shows how much buffer space it has available
in terms of a number of bytes. The sender is allowed to send only as much data as
the receiver has space for. As the data is received, the ACKs show a smaller and
smaller window. When the window advertisement is 0, the sender must stop sending
any more data. When the receiving application deals with some data, it sends an
ACK with a new window size. The sender and the receiver have separate window
sizes because they are communicating on a full-duplex basis. Fig. 6.16 shows how
the TCP sliding window operates. (In practice, the window sizes are likely to be
somewhat larger than those shown in the figure.) There is also a congestion-control
window, which is of the same size as the receiver’s flow-control window most of
the time.
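The behaviour described in Section 6.2.5 (expectational ACKs, window advertisements that shrink as the buffer fills, a zero window that stops the sender until the application reads, and resending a segment that never got through) is easiest to follow as a simulation. The example below is added and is not the book's code; it uses a lockstep model in which every segment is acknowledged at once, with sequence numbers counting bytes from 1, and the names are the author's own.

```python
"""TCP-style sliding window: expectational ACKs, window advertisements, zero window, resend."""
from __future__ import annotations


class Receiver:
    """Holds received bytes until the application reads them; advertises the free space."""

    def __init__(self, buffer_size: int):
        self.buffer_size = buffer_size
        self.buffer = bytearray()
        self.next_expected = 1          # sequence numbers count bytes from 1 in this model

    def window(self) -> int:
        return self.buffer_size - len(self.buffer)

    def receive(self, seq: int, data: bytes) -> tuple[int, int]:
        """Accept an in-order segment that fits; return (ACK, window advertisement).
        The ACK is expectational: it names the byte wanted next, so a segment that was
        lost or arrived out of order simply produces the same ACK again."""
        if seq == self.next_expected and len(data) <= self.window():
            self.buffer += data
            self.next_expected += len(data)
        return self.next_expected, self.window()

    def application_read(self, n: int) -> bytes:
        """The application consumes data, which reopens the window."""
        out = bytes(self.buffer[:n])
        del self.buffer[:n]
        return out


def transfer(data: bytes, mss: int, buffer_size: int, read_size: int,
             lose_once: set[int] | None = None) -> tuple[bytes, list[tuple[str, int, int, int]]]:
    """Send `data` in segments of at most `mss` bytes, never exceeding the advertised window.
    `lose_once` holds sequence numbers whose first transmission the network drops.
    Returns the bytes the receiving application read and a trace of (event, seq, ack, window)."""
    if read_size <= 0:
        raise ValueError("the application must read something or the window never reopens")
    lose_once = set(lose_once or ())
    rx = Receiver(buffer_size)
    delivered = bytearray()
    trace: list[tuple[str, int, int, int]] = []
    seq, window = 1, buffer_size
    while seq <= len(data):
        if window == 0:
            # Zero window: the sender waits until the application frees space and the
            # receiver sends an ACK carrying a new window size.
            delivered += rx.application_read(read_size)
            window = rx.window()
            trace.append(("window-update", 0, rx.next_expected, window))
            continue
        size = min(mss, window, len(data) - seq + 1)
        segment = data[seq - 1:seq - 1 + size]
        if seq in lose_once:
            lose_once.discard(seq)
            trace.append(("lost", seq, 0, window))   # no ACK comes back; timer expires, resend
            continue
        ack, window = rx.receive(seq, segment)
        trace.append(("ack", seq, ack, window))
        seq = ack                                    # send next whatever the receiver asked for
    delivered += rx.application_read(len(rx.buffer))
    return bytes(delivered), trace
```

With a 30-byte buffer and 10-byte segments the trace shows the advertised window falling 20, 10, 0, a window update once the application reads, and the cycle repeating; a lost segment appears as a resend of the same sequence number, exactly as the repeated expectational ACK demands.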
higher-layer protocols. All UDP does is sends and receives datagrams. The main
difference between UDP and IP is that UDP adds port numbers, to indicate to
which application the data belongs.
UDP is used wherever there is no need for sequences of segments that must
be put together. Among the Application-Layer protocols that use UDP are DHCP,
DNS, Trivial File Transfer Protocol (TFTP) and Simple Network Management
Protocol (SNMP). UDP is faster than TCP. Whenever communications are time
sensitive, UDP is often used. For example, it is used for Internet telephony (see
Section 7.7.2), where speed is of the essence.
[Fig.: HDLC frame format, field widths in bits]
Flag (8) | Address (8) | Control (8) | Data (>= 0) | Checksum (16) | Flag (8)
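The frame format shown above only works if the body can never contain the flag pattern 01111110; HDLC achieves this by bit stuffing, inserting a 0 after any five consecutive 1s and removing it again at the receiver. The following added example (not the book's code) builds and parses such a frame; it assumes the 16-bit checksum is the CRC-16 variant used by X.25, and the function names are the author's own.

```python
"""HDLC-style frame: flag, address, control, data, 16-bit FCS, flag, with bit stuffing."""
from __future__ import annotations

FLAG = "01111110"   # 0x7E; must never occur inside the frame body, hence bit stuffing


def crc16_x25(data: bytes) -> int:
    """16-bit FCS; assumed to be CRC-16/X.25 (reflected polynomial 0x1021, init and xor 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def to_bits(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)


def from_bits(bits: str) -> bytes:
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def bit_stuff(bits: str) -> str:
    """Insert a 0 after every run of five 1s so six 1s in a row can never appear."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Remove the stuffed 0s; a 1 after five 1s means a flag or abort inside the body."""
    out, run, i = [], 0, 0
    while i < len(bits):
        b = bits[i]
        out.append(b)
        run = run + 1 if b == "1" else 0
        i += 1
        if run == 5:
            if i < len(bits) and bits[i] == "1":
                raise ValueError("six consecutive 1s inside the frame body")
            i += 1          # skip the stuffed 0
            run = 0
    return "".join(out)


def build_frame(address: int, control: int, data: bytes) -> str:
    """Frame as a bit string, ready for the line."""
    body = bytes([address, control]) + data
    fcs = crc16_x25(body)
    body += bytes([fcs & 0xFF, fcs >> 8])        # FCS low byte first (assumed)
    return FLAG + bit_stuff(to_bits(body)) + FLAG


def parse_frame(frame: str) -> tuple[int, int, bytes] | None:
    """Return (address, control, data), or None if the frame is malformed or the FCS fails."""
    if not (frame.startswith(FLAG) and frame.endswith(FLAG)):
        return None
    try:
        bits = bit_unstuff(frame[8:-8])
    except ValueError:
        return None
    if len(bits) % 8 != 0:
        return None
    body = from_bits(bits)
    if len(body) < 4:
        return None
    fcs = body[-2] | (body[-1] << 8)
    if crc16_x25(body[:-2]) != fcs:
        return None
    return body[0], body[1], body[2:-2]
```

The parser returns None for a bad checksum rather than partial data, and the stuffing guarantees that user data containing 0x7E or 0xFF bytes still arrives intact, which is the property to check whenever a framing layer is implemented by hand.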
of routes through it. The routers get to a state of convergence as a result of talking
to each other and sharing their knowledge.
There are two types of routing protocols: distance vector and link state. A router
that is using a distance-vector protocol regularly sends copies of its routing table
to its neighbours. The name distance vector refers to the method that is used to
measure the distance (or metric) from one network device to another. A common
metric is hop count—a measure of the number of hops (links) between one router
and another. Hops are illustrated in Fig. 6.19.
The route from router A to E going via routers C and D in Fig. 6.19 is three
hops long. (The links from A to B, from B to E and from A to D are also hops,
though not labelled as such in the diagram.) The RIP distance-vector protocol uses
hop count as its metric. In Fig. 6.20, we see the exchange of routing tables. Router
Y sends copies of its routing table to its neighbours, Routers X and Z. Routers
X and Z send copies of their routing tables to their neighbours, which include
router Y. The other routers in the internetwork also send their routing tables to
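The exchange of routing tables described here, repeated until no router learns anything new, is the convergence process of a distance-vector protocol. The following added example (not the book's code) runs it over a topology constructed from the description of Fig. 6.19 (links A–B, B–E, A–D, A–C, C–D and D–E), using hop count as the metric and RIP's convention that 16 hops means unreachable; the function names are the author's own.

```python
"""Distance-vector routing: routers exchange tables until convergence."""
from __future__ import annotations

INFINITY = 16   # RIP convention: 16 hops means unreachable

# Constructed topology following the description of Fig. 6.19.
LINKS = [("A", "B"), ("B", "E"), ("A", "D"), ("A", "C"), ("C", "D"), ("D", "E")]

# table[router][destination] = (hop count, next hop or None for the router itself)
Table = dict[str, tuple[int, "str | None"]]


def neighbours(links: list[tuple[str, str]]) -> dict[str, set[str]]:
    adj: dict[str, set[str]] = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def converge(links: list[tuple[str, str]]) -> tuple[dict[str, Table], int]:
    """Every router starts knowing only itself. In each round every router sends the table
    it held at the start of the round to its neighbours; a router adopts a neighbour's
    route whenever it is shorter than what it already has. Returns (tables, rounds needed)."""
    adj = neighbours(links)
    tables: dict[str, Table] = {r: {r: (0, None)} for r in adj}
    rounds = 0
    while True:
        rounds += 1
        changed = False
        adverts = {r: dict(t) for r, t in tables.items()}   # what each router advertises
        for r in adj:
            for n in sorted(adj[r]):                         # sorted: deterministic tie-break
                for dest, (hops, _) in adverts[n].items():
                    cand = min(hops + 1, INFINITY)
                    if dest not in tables[r] or cand < tables[r][dest][0]:
                        tables[r][dest] = (cand, n)
                        changed = True
        if not changed:
            return tables, rounds - 1


def route(tables: dict[str, Table], src: str, dst: str) -> list[str]:
    """Follow the next-hop entries from src to dst."""
    path = [src]
    while path[-1] != dst:
        _, next_hop = tables[path[-1]][dst]
        if next_hop is None:
            break
        path.append(next_hop)
    return path
```

On this topology every router has a complete table after two rounds. Note that a router adopts whatever its neighbour advertises without any check; a neighbour that advertises a 1-hop route to a network it cannot reach draws traffic towards itself, which is why production deployments authenticate routing updates and filter what each neighbour is allowed to announce.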
6.6 Summary
This chapter has looked at various network protocols. The IP protocol, which
carries all the traffic on the Internet, was described in some detail, particularly
Version 4. Version 6 was also mentioned. IP is responsible for moving packets
from source to destination across networks. It supplies a connectionless, unreliable
service. ICMP, which is used on TCP/IP networks to send error messages and
informational messages of various kinds, was covered next. TCP received a lot
of attention. It works on top of IP to give a reliable, connection-oriented service.
It guarantees end-to-end delivery of packets. It corrects lost, corrupted, out-of-
order and delayed packets. HDLC, a layer-2 protocol that is used in WANs, was
described. Multiprotocol label switching, which permits highly efficient routing,
was briefly covered. Finally, two different classes of routing protocols, distance
vector and link state were described. Routing protocols allow routers to inform
each other about open paths through internetworks automatically.
6.7 Questions
1. What is ‘dotted decimal’?
2. To which IPv4 address class does the address 193.60.1.15 belong?
3. What is the purpose of a ‘broadcast address’?
4. What service does IP provide?
5. (a) What are the differences between IP addresses and Data Link Layer ad-
dresses?
(b) Give an example of each kind of address.
(c) When a message is sent from one computer to another, how is the destina-
tion IP address translated to a Data Link Layer address?
6. Describe the structure of IPv4 address classes.
7. Why might an IP datagram need to be fragmented?
8. Where are IP fragments reassembled?
9. Explain path MTU discovery.
10. What is a default gateway?
11. (a) How many subnets does the Class C subnet mask of 255.255.255.224 give?
(b) How many hosts can there be on each subnet?
12. What is the purpose of the TTL field in the IP datagram structure?
13. What is the ping utility program used for?
14. What is the purpose of the traceroute (tracert) utility program?
15. What functions does TCP perform?
16. Explain the differences between connection-oriented and connectionless
working.
17. Explain the steps in the TCP three-way handshake.
18. What is the purpose of port numbers?
19. What is the smallest number of bits that there can be in an HDLC frame?
20. The following sequence of bits is to be sent out over a link in the user data
field of the HDLC protocol. Write down what the sequence will be after bit
stuffing has taken place.
0111111101010101111101110000001111110101
21. Explain the differences between distance-vector and link-state routing proto-
cols.
7 Internet Application Layer Protocols
In the previous chapter, we saw how IP packets carry TCP segments or UDP
datagrams across networks. Now it is time to look at what happens in the top
layer of a TCP/IP-based network, the Application Layer. This chapter starts with
an explanation of client-server technology, which underlies most Internet activ-
ities. The following applications are examined in turn: the Domain Name Sys-
tem (DNS), the World Wide Web, Remote Access, File Transfer, E-mail, the
delivery of streamed content over the Internet and Voice over IP (VoIP). The
main protocols for each of these applications are discussed. The chapter ends
with brief descriptions of peer-to-peer (P2P) file sharing and instant messaging
(IM).
Note that all the applications described below depend on TCP/IP and the un-
derlying network to deliver the data. If necessary please refer back to Chapter 3
or forward to Section 7.4.1 for a reminder of the encapsulation process.
However, it is not easy for human beings to remember numerical addresses for
Web sites. The DNS allows us to use textual names instead of numeric addresses,
which is a much more attractive idea.
A domain is a group of computers that belong together for some reason. For
example, they may be located in the same place or belong to the same type of
business. A domain name is a string of characters, usually a name or an abbrevi-
ation. This string of characters represents the numeric address of an Internet site.
In Table 7.1, there is a list (not exhaustive) of generic top-level domains.
Many two-letter country code top-level domains also exist. Examples include
the following:
.uk – United Kingdom
.de – Germany (Deutschland)
directory service that offers a way of managing the objects that make up network
environments) also depends on DNS.
If the local DNS server is able to translate a domain name into its IP address, either
because the name is in a zone it holds or because it already has the answer in its cache,
it does so and returns the result directly to the client. This is illustrated in Fig. 7.4.
If the local DNS server is not able to carry out the translation, it works down the
hierarchy. It asks a root server, which does not know the answer itself but refers it to
a server for the top-level domain; that server in turn refers it to a server for the
domain itself, which holds the authoritative answer. The local server caches the answer,
so that the next client asking for the same name is answered at once, and returns it to
the client. If the authoritative server reports that the name does not exist, an error is
returned to the client.
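The resolution process described above, as an added example that is not part of the book: a small in-memory stand-in for the DNS hierarchy and a caching local resolver that follows referrals from the root down to the authoritative server. The zone data is constructed (the address shown for www.staffs.ac.uk is made up, taken from the range reserved for documentation), and a name that no server knows produces the error case.

```python
"""Iterative DNS resolution, simulated. Added example, not from the book.
The 'servers' below are an in-memory stand-in for the real hierarchy; the
zone data is constructed (the address given for www.staffs.ac.uk is made up,
taken from the TEST-NET range reserved for documentation)."""

# Each server knows, for the zones it is responsible for, either a final
# answer ("A", address) or a referral ("NS", which server to ask next).
SERVERS = {
    "root":       {"uk.": ("NS", "uk-tld"), "com.": ("NS", "com-tld")},
    "uk-tld":     {"ac.uk.": ("NS", "ac-uk-ns")},
    "ac-uk-ns":   {"staffs.ac.uk.": ("NS", "staffs-ns")},
    "staffs-ns":  {"www.staffs.ac.uk.": ("A", "192.0.2.10")},
    "com-tld":    {"example.com.": ("NS", "example-ns")},
    "example-ns": {"www.example.com.": ("A", "198.51.100.5")},
}


def suffixes(name):
    """Yield the name and each of its parent zones, most specific first:
    'www.staffs.ac.uk.' -> 'www.staffs.ac.uk.', 'staffs.ac.uk.', 'ac.uk.', 'uk.'"""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."


def ask(server, name):
    """One query to one server: ('A', ip), ('NS', next_server) or ('NXDOMAIN', None)."""
    table = SERVERS[server]
    for zone in suffixes(name):          # the longest match is the most specific delegation
        if zone in table:
            return table[zone]
    return ("NXDOMAIN", None)


class Resolver:
    """The local DNS server: answers from its cache when it can, otherwise
    walks the delegation chain from the root and caches what it learns."""

    def __init__(self):
        self.cache = {}
        self.queries = 0                 # servers contacted so far; a cache hit costs nothing

    def resolve(self, name):
        name = name.rstrip(".").lower() + "."
        if name in self.cache:
            return self.cache[name]
        server = "root"
        for _ in range(16):              # bound the chain so a bad delegation cannot loop forever
            self.queries += 1
            kind, value = ask(server, name)
            if kind == "A":
                self.cache[name] = value
                return value
            if kind == "NS":
                server = value
                continue
            return None                  # no server in the chain knows the name: NXDOMAIN
        raise RuntimeError("referral loop while resolving " + name)


if __name__ == "__main__":
    r = Resolver()
    for host in ("www.staffs.ac.uk", "www.staffs.ac.uk", "nosuch.staffs.ac.uk"):
        print(host, "->", r.resolve(host), "after", r.queries, "queries")
```

Resolving www.staffs.ac.uk the first time costs four queries (root, .uk, ac.uk, staffs.ac.uk); the second time it is answered from the cache without any. Note that nothing in this exchange is authenticated: the resolver believes whichever server answers first, which is why cached answers are only as trustworthy as the path they arrived by.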
7.3.2 Hyperlinks
In the Web page illustrated in Figs. 7.5 and 7.6, there is a hyperlink
(http://www.staffs.ac.uk) to another Web site. This kind of address is called a URL.
By clicking on such links, users can navigate around the Web very easily; this, in-
deed, is one of the Web’s main attractions. In the URL http://www.staffs.ac.uk, the
‘http://’ part instructs the browser to use the HyperText Transfer Protocol (HTTP).
The ‘www’ part is the name of the server that the browser must contact (the name
‘www’ is often used for the name of a Web server). The ‘staffs.ac.uk’ part identifies
the domain entry of the Web site.
The hostname is the IP address or DNS name of the remote computer. The
terminal type is the type of terminal emulation that your computer is going to
use. The port selected will be the telnet port. Fig. 7.9 shows a typical login
prompt.
When you use Telnet, your computer acts as a dumb terminal with no processing
power of its own. The keystrokes that you make are sent to the remote host and all
the processing is done on the remote computer.
[Figure (not reproduced): encapsulation of Telnet data. Application, Presentation and Session layers: data; Transport layer: transport header + data; Internet layer: IP header + transport segment; Network layer: network header added; Physical layer.]
the hardest to use of the three but is very flexible (see Fig. 7.12 for a screenshot of
FTP being invoked from the command line). A sample of FTP commands is given
in Table 7.2 (the list is not exhaustive).
A typical GUI-based FTP client program is illustrated in Fig. 7.13. The FTP
client shown in the figure is FileZilla, a free program, but many others are available.
The third form of interface is a Web browser. Instead of entering ‘http:’ into
the location bar as normally, the user enters ‘ftp:’ followed by a location (see
Fig. 7.14). This instructs the browser to use FTP to download the file, rather than
HTTP.
Anonymous FTP
Anonymous FTP services, where the user does not need an account on the remote
host, are common on the Internet. The username that is used when logging in
anonymously is ‘anonymous’ and the password is one’s e-mail address. When
using command-line FTP or a GUI-based client such as FileZilla, it is possible to
log into an FTP server on which one has an account using one’s own username
and password. The user may then both download and upload files if the directory
permissions are set to allow this.
the envelope contains. The envelope encapsulates the message and contains the
necessary information for transporting the message, such as the destination address,
the priority of the message and so on. The MTAs use the envelope for routing,
just as a postal service does with physical mail. The message content inside the
envelope has two parts: the header, which contains control information for the user
agents, and the body, where the actual, meaningful message is placed.
A full e-mail message is shown in Fig. 7.18. The user does not normally see
as many details as this. The forward path, given by the SMTP command RCPT
TO, is used to route the message to the destination. Note that a return path
(given by MAIL FROM) is also specified. This is where delivery failure reports and
other error messages are sent; it need not be the same as the From address to which
the recipient replies. Plain SMTP gives the sender no way of learning the largest
message a server will accept. In the example quoted below, ESMTP (Extended SMTP)
is used, whose extensions include a way for the server to declare the maximum
message size it will accept.
Return-Path: <ssdesk@bighotel.com>
Received: from camcord2-smrly1.igtei.net (camcord2-smrly1.igtei.net
[128.23.173.4]) by mail.staffs.ac.uk (8.9.1/8.9.1) with ESMTP id
VAB18434 for <J.Cowley@staffs.ac.uk>; Sun, 13 May 2004 21:25:08 +0100 (BST)
From: ssdesk@bighotel.com
Received: from ae1.travelweb.com (ae1.travel.com [207.248.14.24])by
camcord2-smrly1.gtei.net (Postfix) with ESMTP id 33E18481A for
<J.Cowley@staffs.ac.uk>; Sun, 13 May 2004 20:25:01 +0000 (GMT)
Received: from ae1 (localhost [127.0.0.1]) by ae1.travel.com
(8.9.3+Sun/8.9.3) with SMTP id NAB08430 for <J.Cowley@staffs.ac.uk>;
Sun, 13 May 2004 13:25:04 -0700 (MST)
Date: Sun, 13 May 2004 13:25:04 -0700 (MST)
To: J.Cowley@staffs.ac.uk
Subject: Confirmed Reservation Notification
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
Message-ID: <23137631.989785505049.JavaMail.abc@af1>
THANK YOU FOR CHOOSING BIG HOTELS. WE LOOK FORWARD TO YOUR STAY WITH
US.
that have different character sets from English, for example, Arabic and Chinese.
The commonest standard method for encoding binary messages is Base64. In the
Base64 scheme, groups of 24 bits (3 bytes) are broken up into four 6-bit units.
Each of these units is sent over the network as an ASCII character.
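The 24-bit to four-character mapping just described, worked by hand. This is an added example, not code from the book; the sample inputs are constructed and the result is cross-checked against the standard library.

```python
"""Base64 worked by hand: 3 bytes -> one 24-bit group -> four 6-bit units ->
four ASCII characters, with '=' padding for a short final group.
Added example, not from the book; the sample inputs are constructed."""
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def b64encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        pad = 3 - len(chunk)                                  # 0, 1 or 2 bytes short at the end
        bits = int.from_bytes(chunk + b"\x00" * pad, "big")   # the 24-bit group
        units = [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        chars = [ALPHABET[u] for u in units]
        if pad:                                               # '=' marks units with no input bits
            chars[4 - pad:] = "=" * pad
        out.extend(chars)
    return "".join(out)


def b64decode(text: str) -> bytes:
    text = text.strip()
    if len(text) % 4:
        raise ValueError("Base64 text length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        if pad and i + 4 != len(text):
            raise ValueError("padding is only allowed in the final group")
        bits = 0
        for ch in quad:                                       # ALPHABET.index rejects stray characters
            bits = (bits << 6) | (0 if ch == "=" else ALPHABET.index(ch))
        out += bits.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


def matches_stdlib(data: bytes) -> bool:
    """Cross-check: same text as the standard library, and decoding restores the input."""
    return (b64encode(data) == base64.b64encode(data).decode("ascii")
            and b64decode(b64encode(data)) == data)


if __name__ == "__main__":
    for sample in (b"Man", b"Ma", b"M"):
        print(sample, "->", b64encode(sample))
```

Base64 makes binary data safe for a 7-bit mail path at the cost of a 4/3 expansion; it is an encoding, not encryption, and offers no confidentiality whatever.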
whether there is a message in the mailbox, and if so, download it. The recipient’s
e-mail client asks the server whether there is any mail to download. To do this, it
uses the post office address that was entered when the e-mail client was configured
(see Fig. 7.21 for an example of an e-mail client configuration screen).
There has to be another DNS query to find the mail server’s IP address. When
the IP address has been discovered, the request to the mail server is divided into
segments at the Transport Layer, put into IP packets at the Internet Layer and finally
encapsulated and sent over the Internet to the mail server. At the mail server, the
packets comprising the request are put back together again in the correct order and
checks for errors are carried out. The mail server then examines the request. If
everything about the request is OK, it sends all of the recipient’s e-mail messages
to him or her. When an e-mail message arrives at the recipient’s computer, it can
be read. If the recipient replies to a message or forwards it, the whole sequence
described above is repeated.
a metafile is downloaded. The metafile carries just the name of the song and its
location, for example ‘http://www.luvlymusik.com/audio/trk257k.rm’. The music
starts playing even though only part of the file has been downloaded.
The music is usually transmitted by means of the Real-time Transport Protocol
(RTP), described in RFC 1889 (since revised as RFC 3550). RTP normally runs over UDP
and offers neither error correction nor flow control. TCP, a connection-oriented
protocol, is unsuitable for streaming not because it is slow as such, but because its
retransmission of lost segments and strict in-order delivery hold up everything behind
a loss, which a live stream cannot tolerate: a sample that arrives late is as useless
as one that never arrives. RTP is designed to support
multicasting of real-time data, but it can also be used for unicasting (communicating
with a single receiver). RTP provides timestamping and sequence numbers, which
allow samples to be played back at the destination in the right order, even if
they arrive out of order. Timestamping also facilitates synchronisation of multiple
streams, for example, an audio and a video stream that belong to the same Moving
Picture Experts Group (MPEG) file. A payload type identifier indicates the format
of the payload and the encoding algorithm, for example, MPEG-1 audio layer
3 (MP3). The receiving application can use this identifier to decide how to play
the data. RTP can also be used for Internet telephony and video on demand. RTP
Control Protocol (RTCP) is a special control protocol, which works together with
RTP.
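The fixed RTP header and the use of its sequence numbers, as an added example (not from the book): building and parsing the 12-byte header, and putting a batch of packets received out of order back into sending order, including across the wrap from 65535 to 0. The SSRC, timestamps and payloads are constructed.

```python
"""Building and parsing the RTP fixed header (RFC 3550) and putting received
packets back into sending order. Added example, not from the book; the SSRC,
payload type, timestamps and payload bytes are constructed."""
import struct

RTP_VERSION = 2
HEADER_FMT = "!BBHII"                      # V|P|X|CC, M|PT, sequence, timestamp, SSRC
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 12 bytes
PT_MPA = 14                                # static payload type for MPEG audio (RFC 3551)


def build_rtp(seq, timestamp, payload, ssrc=0x12345678, pt=PT_MPA, marker=False):
    b0 = RTP_VERSION << 6                  # padding, extension and CSRC count all zero
    b1 = (int(marker) << 7) | (pt & 0x7F)
    return struct.pack(HEADER_FMT, b0, b1, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc) + payload


def parse_rtp(packet):
    """Decode the fixed header; reject anything too short or of the wrong version,
    which is the first thing a receiver should do with an unauthenticated UDP datagram."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    if b0 >> 6 != RTP_VERSION:
        raise ValueError("not RTP version 2")
    cc = b0 & 0x0F
    header_len = HEADER_LEN + 4 * cc       # optional list of contributing sources
    if len(packet) < header_len:
        raise ValueError("truncated CSRC list")
    return {
        "padding": bool(b0 & 0x20), "extension": bool(b0 & 0x10), "csrc_count": cc,
        "marker": bool(b1 & 0x80), "payload_type": b1 & 0x7F,
        "seq": seq, "timestamp": ts, "ssrc": ssrc, "payload": packet[header_len:],
    }


def reorder(packets, expected_seq):
    """Return (payloads in sending order, sequence numbers that never arrived).
    Order is by distance from the first expected sequence number modulo 2**16,
    so the wrap from 65535 to 0 sorts correctly; duplicates are dropped."""
    by_distance = {}
    for pkt in packets:
        h = parse_rtp(pkt)
        by_distance.setdefault((h["seq"] - expected_seq) & 0xFFFF, h)
    ordered, missing = [], []
    for d in range(max(by_distance, default=-1) + 1):
        if d in by_distance:
            ordered.append(by_distance[d]["payload"])
        else:
            missing.append((expected_seq + d) & 0xFFFF)
    return ordered, missing


# Constructed capture: five 20 ms frames sent across the sequence-number wrap,
# received out of order, with seq 0 lost and seq 1 duplicated.
SENT = [build_rtp(seq, ts, frame) for seq, ts, frame in
        [(65534, 1000, b"f0"), (65535, 1160, b"f1"), (0, 1320, b"f2"),
         (1, 1480, b"f3"), (2, 1640, b"f4")]]
RECEIVED = [SENT[3], SENT[0], SENT[4], SENT[1], SENT[3]]

if __name__ == "__main__":
    print(reorder(RECEIVED, 65534))
```

RTP itself carries no confidentiality or integrity protection; a receiver that accepts any datagram with a plausible header will happily play injected audio. SRTP (RFC 3711) adds encryption and authentication to the same packet format, and even without it a receiver should discard packets whose SSRC or source address is not the one it expects.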
may reach the callee directly. Otherwise, it may be redirected or may start off
a chain of new SIP requests, which are carried out by proxy servers (intermedi-
ary systems involved in call setup). Users are able to register their location with
SIP location servers. Interaction between a SIP server and clients is illustrated in
Fig. 7.23.
7.10 Summary
This chapter has looked at the Application Layer of TCP/IP-based networks. The
chapter started with an explanation of client-server technology, which underlies
most Internet activities. The following applications were examined in turn: the
DNS, the World Wide Web, Remote Access, File Transfer, E-mail, the delivery of
streamed content over the Internet and VoIP. The main protocols for each of these
applications were discussed. The chapter ended with brief descriptions of P2P file
sharing and instant messaging.
7.11 Questions
1. (a) Table 7.1 gives some examples of top-level domains. Find out some more
examples of such domains by researching on the Internet and/or in books.
(b) Find out some more examples of two-letter country code top-level domains,
in addition to the examples given in Section 7.2.1.
2. (a) What is the difference between Internet names and Internet addresses?
(b) Give an example of both.
(c) How are names translated to addresses?
3. Find out what a URI is (not mentioned in this text). How does it differ from a
URL?
Internet Application Layer Protocols 127
4. The HTTP commands GET and POST were mentioned in Section 7.3.4. Find
out what other HTTP commands exist and what their purpose is.
5. Look at the explanation of the encapsulation procedure for the Telnet proto-
col given in Section 7.4.1. Write down the encapsulation steps involved in
transferring a file using FTP.
6. FileZilla, a free FTP client program, was mentioned in Section 7.5. Find out
about alternative FTP client software.
7. What are SMTP, POP3 and IMAP for?
8. Research the e-mail RFC 1939 (which describes POP3) and RFC 2060 (which
describes IMAP) on the Internet and/or in books. Find out how many com-
mands have the same name in the two standards.
9. Rashid Rasool Khan (email address = Rashid_Rasool@mymail.com) is
sending an e-mail message to Yiorgos Zacharias (email address =
Yiorgos_Zacharias@amblecote.com). The message has a graphics image
attached (car.jpeg). Yiorgos Zacharias uses POP3 to access his email account.
The following information is also known:
Rashid Rasool Khan’s host address = 128.1.0.5
Rashid Rasool Khan’s default gateway address = 128.1.0.254
Rashid Rasool Khan’s DNS server address = 128.2.0.254
Rashid Rasool Khan’s mail server = mail.mymail.com
Yiorgos Zacharias’s host address = 192.4.5.6
Yiorgos Zacharias’s default gateway address = 192.4.5.254
Yiorgos Zacharias’s e-mail server = mail.amblecote.com
Yiorgos Zacharias’s DNS server address = 192.4.6.6
Yiorgos Zacharias’s POP3 username = Yiorgos_Zacharias
Yiorgos Zacharias’s password = 76!p4ab
DNS table:
mail.mymail.com 128.2.0.100
mail.amblecote.com 192.4.8.100
For this transaction, answer the following:
(a) List and describe in brief all the protocol interactions (packet by packet)
between Rashid Rasool Khan’s computer and the network when sending
the mail message.
(b) List and describe in brief all the protocol interactions (packet by packet) be-
tween Yiorgos Zacharias’s computer and the network when he downloads
the message.
(c) Describe the internal format of the message.
(NB: Remember to include packets from the following protocols: ARP, DNS,
IP, TCP, POP3, SMTP and MIME.)
10. Why does the Real-time Transport Protocol (RTP) offer neither error correction
nor flow control?
11. Find out what the Common Channel Signalling System No. 7 (SS7) protocol
is for.
8 Network Security
Network security is one of the tasks of network management, other aspects of which
are dealt with in the next chapter. However, network security is such an important
issue that this chapter is devoted to it. The chapter starts with an explanation of
several important security concepts and gives some security techniques related
to these concepts. The following aspects of network security are examined in
turn: Virtual private networks (VPNs); firewalls; intrusion detection and intrusion
prevention systems; various kinds of attacks that may be made on networks; viruses,
worms and Trojan horses; rootkits; spam e-mail; spyware and physical security.
Wireless networks are covered in detail in Chapter 10 but wireless LAN security
is given a section in this chapter.
8.1.1 Authentication
Authentication (checking that someone or something is who or what he/she/it
claims to be) is often done via a password. Unfortunately, passwords are not very
secure. They can be guessed or stolen. Many people are unwise in their choice of
password, using the word ‘password’ or the name of a member of their family as
their password. Users even write down their passwords on Post-it® notes and stick
them round the edge of their computer monitor. It is only necessary to have a single
compromised password for a network to be rendered insecure. Certain TCP/IP
Application Layer protocols, such as Telnet (a terminal emulation protocol) and
File Transfer Protocol (FTP), send the user’s password across the network in the
clear. ‘Sniffer’ programs can be used to capture these passwords easily.
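What such a sniffer actually sees, as an added example that is not from the book: the control channel of an FTP session, captured in the clear, and a few lines that pull the working credentials out of it. The capture below is constructed to look like a packet-capture tool's rendering of the session (C: for the client, S: for the server); the hosts, user names and passwords are made up.

```python
"""What a sniffer sees on a cleartext FTP login. Added example, not from the
book. The capture below is constructed to look like the control channel of an
FTP session as a packet-capture tool would print it (C: = client, S: = server);
the hosts, names and passwords are made up."""
import re

CAPTURE = """\
S: 220 ftp.example.net FTP server ready.
C: USER alice
S: 331 Password required for alice.
C: PASS s3cret-Pa55
S: 230 User alice logged in.
C: PWD
S: 257 "/home/alice" is the current directory.
C: QUIT
S: 221 Goodbye.
S: 220 ftp.example.net FTP server ready.
C: USER mallory
S: 331 Password required for mallory.
C: PASS letmein
S: 530 Login incorrect.
C: USER anonymous
S: 331 Guest login ok, send your e-mail address as password.
C: PASS bob@example.org
S: 230 Guest login ok, access restrictions apply.
"""

USER_RE = re.compile(r"^C: USER (\S+)\s*$")
PASS_RE = re.compile(r"^C: PASS (\S*)\s*$")
OK_RE = re.compile(r"^S: 230 ")          # 230 = user logged in
FAIL_RE = re.compile(r"^S: 530 ")        # 530 = not logged in


def harvest_logins(capture):
    """Pair each USER with the PASS that follows and record the server's verdict.
    A pair marked accepted is a working credential; FTP sent it in the clear."""
    found, pending = [], None
    for line in capture.splitlines():
        if m := USER_RE.match(line):
            pending = {"user": m.group(1), "password": None, "accepted": None}
            found.append(pending)
        elif (m := PASS_RE.match(line)) and pending is not None:
            pending["password"] = m.group(1)
        elif OK_RE.match(line) and pending is not None:
            pending["accepted"] = True
            pending = None
        elif FAIL_RE.match(line) and pending is not None:
            pending["accepted"] = False
            pending = None
    return found


if __name__ == "__main__":
    for cred in harvest_logins(CAPTURE):
        print(cred)
```

The same few lines work on a Telnet session, where the login prompt and the user's keystrokes are equally visible. The practical remedy is not a better password but a protocol that encrypts the channel: SSH in place of Telnet, and SFTP or FTPS in place of FTP.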
A safer form of authentication is to use an intelligent token that generates a
one-time password. This password is transmitted to a secure server that verifies
it and allows the user to log in. There are two forms of intelligent token: time
synchronous and challenge response. In a time-synchronous system, the token and
the server have to be synchronised. Roughly once per minute, both the server and
the token compute a new code from a secret that they share and the current time,
so the code looks random to an onlooker but can be reproduced by the server. To log
into a server, a user has to enter a Personal Identification Number (PIN) plus the
code that the token is displaying. This is an example of two-factor authentication.
Users have to combine something they have (the token) with something they know
(their PIN). The time-synchronous scheme is illustrated in Fig. 8.1. Encryption,
referred to in Fig. 8.1, is explained in Section 8.1.3.
In a challenge–response system, the server sends the user a fresh random challenge;
the token computes a response from the challenge and its secret, and the user types
that response in. The server makes the same computation and accepts the login only
if the two results agree. Hardware tokens are in plan view about the same size as a
credit card, but are thicker. They can be either hand held or designed to plug into
a computer. Software tokens, which run on a general-purpose computer or phone, are
easier to attack because their secret can be copied along with the device’s other
data. The challenge–response scheme is illustrated in Fig. 8.2.
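Both kinds of token, as an added example that is not from the book. The time-synchronous code follows the HOTP/TOTP construction of RFC 4226 and RFC 6238 (an HMAC over a counter derived from the time), which is what most real tokens use; the challenge–response variant is an HMAC over a random challenge. The shared secret is the RFCs’ published test-vector key, so the codes can be checked against the standards; the timestamps, PIN and time step are constructed (the step is 30 seconds here, where the text says about a minute).

```python
"""One-time passwords from an intelligent token, both kinds described above.
Added example, not from the book. Time-synchronous codes follow RFC 4226 /
RFC 6238 (HMAC-SHA-1 over a counter derived from the time); challenge-response
is an HMAC over a random challenge. The secret is the RFC test-vector key;
timestamps and the PIN are constructed."""
import hashlib
import hmac
import secrets
import struct

STEP = 30                     # seconds per time step (the book's token changes about once a minute)


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC the 8-byte counter, take 31 bits at a data-dependent offset, reduce to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, now, step=STEP):
    """Time-synchronous token: the counter is the number of steps since the epoch."""
    return hotp(secret, int(now) // step)


def verify_totp(secret, code, now, step=STEP, window=1):
    """Server side. Accept the current step or one either side, which is how the
    server tolerates the small drift between its clock and the token's; compare
    in constant time so the comparison does not leak which digits matched."""
    base = int(now) // step
    return any(hmac.compare_digest(code, hotp(secret, base + k))
               for k in range(-window, window + 1))


def new_challenge():
    """Server side of challenge-response: a fresh random value for each login."""
    return secrets.token_bytes(16)


def respond(secret, challenge):
    """Token side: HMAC(secret, challenge), shortened to 8 hex digits for typing in."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()[:8]


def verify_response(secret, challenge, response):
    return hmac.compare_digest(respond(secret, challenge), response)


def login(pin, code, stored_pin, secret, now):
    """Two-factor check: something known (the PIN) and something held (the token)."""
    return hmac.compare_digest(pin, stored_pin) and verify_totp(secret, code, now)


TEST_SECRET = b"12345678901234567890"   # the RFC 4226 / RFC 6238 test-vector key

if __name__ == "__main__":
    print("token shows", totp(TEST_SECRET, 59), "at t=59")
    c = new_challenge()
    print("challenge", c.hex(), "response", respond(TEST_SECRET, c))
```

The server never stores or checks the code directly; it recomputes it from the shared secret, so the secret is what an attacker is really after, which is the point about software tokens above. The acceptance window should be small: every extra step accepted is another code an attacker who has observed an old one can try.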
Another approach to authentication uses biometrics. The idea here is to use
something that you are for authentication. In other words, you use one of your
physical characteristics such as your fingerprint or the pattern of the iris (the
coloured part) of the eye. This can be used as one of the factors in a two-factor
authentication system. One advantage of a biometric system is that users cannot
forget their fingerprint or eye. The same is not true of a password, unfortunately.
The flip side is that a biometric cannot be changed if a copy of it is stolen, which
is why it is best used as one factor among several rather than on its own. A further
disadvantage of biometric systems is that they tend to be rather expensive if
deployed in large numbers.
8.1.2 Authorisation
Authorisation allows network managers to control who can have access to which
network resources. For example, the sales department will be prevented from
accessing the payroll records. Secure single sign-on lets users log into the network
only once and thus get access to all the resources that they are allowed to use.
Inevitably, this will involve a rather complex system. Without single sign-on,
however, there is a large administrative load. The network manager will have to
monitor the security mechanisms used by every piece of software that is being
used on the enterprise network. Single sign-on systems can be either workstation
based or server based.
Kerberos is an example of a server-based system. It is named after the three-
headed dog that guarded the entrance to Hades, according to Ancient Greek mythol-
ogy. It is free but there are also commercial versions. It is a flexible and extensible
system. A full explanation of Kerberos is beyond the scope of this book, but here
is a brief sketch. Kerberos has three parts: the client software, the authentication
server computer (or security server) and the application server. The authentica-
tion server computer keeps the database of users and their secret keys, each key
being derived from the user’s password. It is kept in a secure location. The
application server (software) usually runs on the same computer as the application
to which access is being allowed. Before a user is allowed to access an application,
there are exchanges between the client computer and the security server computer
and between the client and the application server. The client is given an encrypted
ticket. This authenticates the client as an authorised user and it is able to get
access to authorised applications using the ticket. A very important point about
Kerberos is that the password itself is never sent over the network: it is used only
on the client, to derive the key that decrypts the reply from the authentication
server. Tickets also carry an expiry time, so a stolen ticket is of limited use.
Kerberos is illustrated in Fig. 8.3.
8.1.3 Confidentiality
Encryption is used to make sure that the information that is sent over a network
can be read only by authorised users; making sure that it has not been altered is a
separate matter, dealt with under integrity in Section 8.1.6. Encryption is performed by an
encryption algorithm, which scrambles the data so that it cannot be read when
it is travelling over the network. The encryption process turns the plaintext (the
message in its initial form) into the ciphertext (the scrambled form of the message).
A key (a value) is used to encode and decode a message. The encryption/decryption
algorithm applies the key to the data.
Secret-key encryption (also known as private-key or symmetric encryption)
uses the same mathematical key for encryption and decryption. Secret-key en-
cryption is illustrated in Fig. 8.4. The main advantage of secret-key encryption is
that it is fast.
The key must be kept secret, which poses a problem. For how are we to trans-
port the key from one place to the other, so that both ends can share it? We cannot
simply pass it over the insecure network; it must be distributed ‘out of band’. For
example, we could hand it over face to face on a USB flash drive or send it by
motorcycle courier. However, these methods are slow and do not scale when we want
secure communications with many parties or from one side of the world to the other;
this is the key-distribution problem that public-key encryption, described below, was
invented to solve. The Advanced
Encryption Standard (AES) is an example of a secret-key algorithm. This algo-
rithm performs permutations and substitutions to transform the plaintext into the
ciphertext. Permutations are rearrangements of the data; substitutions replace one
piece of data with another.
In public-key encryption, different keys are used for encryption and decryption.
The encryption key is made available to everybody, whereas the decryption key
is kept secret. Public-key encryption is illustrated in Fig. 8.5. For some reason,
typical users of encryption systems are always called Alice and Bob. We shall
follow that convention in this book. In Fig. 8.5, we see that Alice wants to send a
message to Bob. She encrypts the message with Bob’s public key, which is freely
available to anybody who needs to use it. When Bob receives the message, he
decrypts it with his private key, which only he possesses.
Public-key encryption is possible because the private and public keys are mathe-
matically related. However, they are related in such a way that it is computationally
infeasible to try to derive the one from the other, especially if long keys are used. It
would take so long, even with a supercomputer, that it is just not worth attempting.
Public-key encryption may be supported by a public key infrastructure (PKI).
The PKI is the legal, organisational and technical framework that is used to support
public-key cryptography. It provides a Digital Certificate, which is the user’s public
key that has been digitally signed. This signing guarantees the identity of the owner
of the certificate. Without digital certificates, somebody could compromise the
security of the public-key system by making available a false public key for a certain
user. A Certificate Authority (CA) does the digital signing. There is a hierarchy
of CAs. The root CA allows the authentication of individuals, organisations or
other CAs. We see an explanation of digital signatures in Fig. 8.6. Alice wants to
prove to Bob that the message that she is sending him is really from her. She signs
the message with her private key. Bob uses Alice’s public key to decrypt Alice’s
signature.
When the Secure Sockets Layer (SSL) protocol, or its successor Transport Layer
Security (TLS), is in use for a secure Internet connection, the browser displays a
padlock icon. In the browsers of the time this was a yellow padlock in the bottom
right-hand corner of the window, as shown in Fig. 8.7; current browsers put it in the
address bar. (SSL is covered in Section 8.2.2.) If the padlock is visible, then a
digital certificate signed by a CA that the browser trusts was used to create the
secure connection. The Web browser gets the digital certificate from the Web site
and checks it: that its signature chains to a CA in the browser’s own trust store,
that it has not expired, that the name in it matches the host name of the site and,
where possible, that the CA has not revoked it. All that the user needs to know about
this is whether he or she can see the padlock. If the padlock is there, the data in
transit is encrypted and the site holds the key for the name in the address bar; it
says nothing about whether that site is honest, so the name itself still has to be
checked.
We saw earlier that secret-key encryption is fast. Public-key encryption is much
slower, but it solves the key-distribution problem, because the only key that has to
be handed out is the public one. A common arrangement is therefore to use public-key
encryption to get a freshly generated secret key from one side to the other, and
then to protect the bulk of the traffic with fast secret-key encryption under that
key. This is more efficient than using public-key encryption only.
[Figure 8.8 (not reproduced): the original (long) message is passed through a hash function to give a short digest (shown as *^%@{}>*!); the digest is signed and travels with the message as the signed message. Other labels in the figure: receiver, receiver’s public key.]
8.1.5 Non-repudiation
Non-repudiation means preventing either the sender or the receiver of a message
from denying that a message has been sent. One way of providing non-repudiation
is to use a trusted third-party system usually called a notary service. The message
is sent to the receiver via the notary service. A secure hash of the message is
calculated. This secure hash is then passed to the notary service, which timestamps
the message and keeps a copy of the secure hash. A notary service is illustrated in
Fig. 8.9.
8.1.6 Integrity
We also need to be able to prove that the message has not been altered in transit.
A digital signature can provide such proof.
[Figure 8.9 (not reproduced): hash function; the notary service timestamps the secure hash and keeps a copy of it.]
Figure 8.10 shows a VPN consisting of a secure, encrypted tunnel through the
Internet. The tunnelling protocol encapsulates the data inside an additional header.
This additional header contains sufficient routing information for the encapsulated
packet to get through the Internet. When these packets reach the final point on the
Internet, they are then decapsulated and sent on to their ultimate destination.
Non-IP-based VPNs, which use such technologies as leased lines, Frame Relay
or ATM, can offer very high levels of Quality of Service (QoS). Obtaining the
same levels of QoS is rather difficult over the Internet, but IP-based VPNs can
be just as secure and tend to be cheaper. The protocols in use for IP-based VPNs
include IP Security (IPSec), MPLS and Secure Sockets Layer (SSL)/Transport
Layer Security (TLS). Since MPLS has already been covered in Section 6.4, we
shall concentrate here on IPSec and SSL.
whole source packet, including the original header, is authenticated and encrypted
and is given a new IP header. While the packet is traversing the Internet, the real
source and destination are hidden: an observer sees only the addresses of the two
VPN gateways in the new outer header. Transport mode is illustrated in
Fig. 8.11. Tunnel mode is illustrated in Fig. 8.12.
[Figure 8.12 (not reproduced): new IP header (source = router 1, destination = the far-end router), followed by the original IP header, which contains the actual source and destination, followed by the TCP segment. Figure labels: TCP, IP.]
instead of ‘http’ we type ‘https’. This indicates that the data is going to have to be
transferred using SSL (or TLS) via TCP Port 443 (rather than the standard HTTP
Port 80).
SSL consists of two layers of protocols. The SSL Record Protocol provides
security services for HTTP, among other TCP/IP Application Layer protocols.
It divides the application data into blocks of up to 16,384 bytes and encrypts
it. Three SSL protocols work at the same level as HTTP: the Handshake Pro-
tocol, the Change Cipher Spec Protocol and the Alert Protocol. The SSL ar-
chitecture is illustrated in Fig. 8.13. The Handshake Protocol negotiates vari-
ous parameters to be used in the session and authenticates the remote machine.
The Change Cipher Spec Protocol and the Alert Protocol are used during the
session.
The sequence of events when SSL is in use is as follows. First of all, a TCP
connection is set up between the client and the server on Port 443 using the normal
three-way handshake. The client then sends a Hello message, which contains
information about cipher suites that it knows about. The server responds to this
with its own Hello message, which says which cipher suite will be used. The server
next gives the client a copy of its certificate, which includes its public encryption
key. It then sends a Hello Done message to the client. All exchanges up to this
point are in clear text.
Now the client generates a random secret, the pre-master secret, encrypts it with
the server’s public key and sends it to the server. This process is called the
client key exchange. Only the holder of the server’s private key can recover this
value, and both sides derive the session keys from it together with the random
values exchanged in the Hello messages. The client then sends a change cipher spec
message to tell the server that everything it sends from now on will be protected by
the negotiated cipher suite (set of ciphers and keys), followed by an encrypted
Finished message containing a check value computed over the whole handshake; the
server does the same. The Finished messages show that the handshake is complete and
that nobody has tampered with it along the way. A secure, encrypted tunnel has now
been set up, using the secret keys that have been negotiated. TLS works in a similar
fashion; in TLS 1.3 the key exchange always uses ephemeral Diffie–Hellman rather
than encrypting a secret with the server’s public key.
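The pieces of Sections 8.1.3 and 8.2.2 put together in one runnable toy, as an added example that is not from the book and is not real SSL/TLS: a CA signs a server certificate, the client checks it the way the padlock check above does, a secret crosses under the server’s public key, both sides derive the same session key, the Finished check covers the handshake, and the record layer then encrypts and authenticates an HTTP request. The RSA keys are built from fixed Mersenne primes (trivially factorable, so for illustration only), RSA is used without padding, and the record cipher is a SHA-256 keystream with an HMAC tag. The CA name, the host name www.example.com and every value are constructed.

```python
"""Certificate and handshake mechanics as one runnable toy. Added example,
not from the book and not real SSL/TLS: RSA keys come from fixed Mersenne
primes (trivially factorable, illustration only), RSA is used without
padding, and the record cipher is a SHA-256 keystream plus an HMAC tag.
The CA name, host name and every value below are constructed."""
import hashlib
import hmac
import json
import secrets

SUITE = "TOY_RSA_WITH_SHA256_STREAM"


def rsa_keypair(p, q):
    n, e = p * q, 65537
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}


def rsa_encrypt(pub, data):                      # data must be shorter than the modulus
    return pow(int.from_bytes(data, "big"), pub["e"], pub["n"])


def rsa_decrypt(priv, c, length):
    return pow(c, priv["d"], priv["n"]).to_bytes(length, "big")


def sign(priv, data):                            # sign the hash of the data, not the data itself
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv["d"], priv["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == int.from_bytes(hashlib.sha256(data).digest(), "big")


def cert_bytes(cert):
    return json.dumps(cert, sort_keys=True).encode()


def issue_certificate(ca_name, ca_priv, subject, subject_pub):
    cert = {"subject": subject, "issuer": ca_name, "n": subject_pub["n"], "e": subject_pub["e"]}
    return {"cert": cert, "sig": sign(ca_priv, cert_bytes(cert))}


def check_certificate(trust_store, signed, hostname):
    """The padlock decision: issuer in our trust store, signature good, name matches the site."""
    ca_pub = trust_store.get(signed["cert"]["issuer"])
    return (ca_pub is not None
            and verify(ca_pub, cert_bytes(signed["cert"]), signed["sig"])
            and signed["cert"]["subject"] == hostname)


def keystream(key, nonce, length):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range((length + 31) // 32))


def seal(key, seq, plaintext):
    """Record layer: encrypt, then MAC, with the record sequence number as the nonce."""
    nonce = seq.to_bytes(8, "big")
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, record):
    nonce, ct, tag = record[:8], record[8:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("record tampered with")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def handshake(hostname, signed_cert, server_priv, trust_store):
    """Both ends of the exchange in the order the text gives; returns the session key."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    transcript = [("ClientHello", client_random, [SUITE]),          # all of this in the clear
                  ("ServerHello", server_random, SUITE),
                  ("Certificate", signed_cert), ("ServerHelloDone",)]
    if not check_certificate(trust_store, signed_cert, hostname):
        raise ValueError("certificate rejected: no padlock")
    server_pub = {"n": signed_cert["cert"]["n"], "e": signed_cert["cert"]["e"]}
    premaster = secrets.token_bytes(48)                              # client key exchange
    transcript.append(("ClientKeyExchange", rsa_encrypt(server_pub, premaster)))
    recovered = rsa_decrypt(server_priv, transcript[-1][1], 48)      # only the server can do this

    def derive(pm):                                                  # same on both sides
        return hmac.new(pm, client_random + server_random, hashlib.sha256).digest()
    client_key, server_key = derive(premaster), derive(recovered)
    # change cipher spec, then Finished: a MAC over the whole handshake under the new key
    digest = hashlib.sha256(repr(transcript).encode()).digest()

    def finished(k):
        return hmac.new(k, b"finished" + digest, hashlib.sha256).digest()
    if not hmac.compare_digest(finished(client_key), finished(server_key)):
        raise ValueError("handshake tampered with")
    return client_key


def demo():
    """Returns the decrypted request and the verdict on the certificate for a wrong name."""
    ca_pub, ca_priv = rsa_keypair((1 << 521) - 1, (1 << 607) - 1)       # M521 x M607
    srv_pub, srv_priv = rsa_keypair((1 << 1279) - 1, (1 << 2203) - 1)   # M1279 x M2203
    trust_store = {"Example CA": ca_pub}
    signed = issue_certificate("Example CA", ca_priv, "www.example.com", srv_pub)
    key = handshake("www.example.com", signed, srv_priv, trust_store)
    record = seal(key, 0, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
    return unseal(key, record), check_certificate(trust_store, signed, "www.evil.example")
```

Two things the toy makes visible that the prose cannot: the server’s private key is used exactly once, to recover the pre-master secret, after which everything runs on fast symmetric operations; and a certificate for the wrong name fails the padlock check even though its signature is perfectly good, which is why the host-name comparison is as important as the CA signature.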
8.3 Firewalls
In cars there is a barrier that stops fire spreading from the engine to the pas-
senger compartment. This barrier is known as a firewall. In computer networks,
firewalls protect vulnerable devices. They can be positioned between the internal
network and the Web server computer or between the Web server computer and
the Internet. Firewalls can be set up to control what traffic is permitted to leave
the internal network, as well as what comes into it. They can be software only or
a software/hardware combination. The capabilities of firewalls vary but all types
protect a private network from intruders by controlling access to it. Many firewalls
can hide the network addresses of individual users so that nobody from outside can
find out what these are (that is, they have a NAT capability). They can log all traffic
and can report suspicious events. Many firewalls can perform authentication on
users. They may encrypt transmissions. Figure 8.14 shows how a firewall protects
a server by refusing unwanted requests but letting through wanted requests.
A port on a firewall is sometimes used to provide a demilitarised zone (DMZ).
The DMZ contains a device that must be accessible from the Internet. This device
is usually a server computer of some kind, for example, a Web, FTP, mail or DNS
server. The firewall offers the device or devices in the DMZ limited protection
from attack but completely closes off the organisation’s internal network from the
Internet. A DMZ is illustrated in Fig. 8.15. An attacker could break into the Web
server but not into the trusted internal network. The use of the term ‘DMZ’ in this
context derives from its use to describe a military buffer zone such as the one that
was established between North and South Korea in 1953.
(TCP or UDP) port numbers can be blocked. This is done with an access control
list. An access control list disallows all traffic that is not explicitly permitted. Here
is an example of a router access control list.
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 deny any
The router interface to which this access list is applied will allow all incom-
ing traffic from the 192.168.4.0 network but no other traffic. The group of dotted
decimal numbers that follows the IP address looks something like a subnet mask
but it actually works in a different way. Called a wildcard mask, its bits indi-
cate how the router should check the corresponding address bits. A zero means
check; a one means ignore. In binary, the wildcard in the above access list is
00000000.00000000.00000000.11111111. This means that the router will ignore
the host part of the address and will check only the bits in the first three octets.
Intruders can try to trick a packet-filtering firewall by packet spoofing. This
involves constructing a packet with a false sender address, for example one taken
from the trusted internal range. A packet filter can defeat the simplest form of this
by refusing any packet that arrives on its outside interface with an inside source
address, but spoofing means that the source address alone can never be trusted, so
other procedures in addition to packet filtering are needed. Packet spoofing is
illustrated in Fig. 8.16.
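The wildcard-mask evaluation described above, worked through in code, together with the anti-spoofing rule a packet filter also needs. This is an added example, not from the book: the first access list is the book’s own, while the ingress list, the interface names and the test addresses are constructed.

```python
"""Evaluating access lists with wildcard masks, plus the anti-spoofing rule a
packet filter also needs. Added example, not from the book. The first access
list is the book's own; the ingress list, interface names and addresses are constructed."""
import ipaddress


def wildcard_bits(wildcard):
    """The mask in binary, as the text shows it: 0 = check this bit, 1 = ignore it."""
    return ".".join(format(int(o), "08b") for o in wildcard.split("."))


def wildcard_match(addr, network, wildcard):
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF      # the bits we must compare
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(network)) & care)


def parse_acl(text):
    """Parse lines of the form 'access-list <n> permit|deny <network> <wildcard>' or '... any'."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            raise ValueError("not an access-list entry: " + line)
        action = parts[2]
        if action not in ("permit", "deny"):
            raise ValueError("bad action: " + line)
        if parts[3] == "any":
            rules.append((action, "0.0.0.0", "255.255.255.255"))  # ignore every bit
        else:
            rules.append((action, parts[3], parts[4]))
    return rules


def evaluate(rules, src):
    """First match wins; anything that matches no entry hits the implicit deny."""
    for action, network, wildcard in rules:
        if wildcard_match(src, network, wildcard):
            return action
    return "deny"


BOOK_ACL = """
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 deny any
"""

# Ingress filter for the Internet-facing interface: a packet arriving from the
# outside can never legitimately carry an inside (or loopback) source address,
# so such packets are spoofed and are dropped before any other rule is consulted.
INGRESS_ACL = """
access-list 10 deny 192.168.4.0 0.0.0.255
access-list 10 deny 127.0.0.0 0.255.255.255
access-list 10 permit any
"""


def filter_packet(interface, src):
    """Apply the list bound to each interface (the binding is constructed)."""
    acl = {"inside": BOOK_ACL, "outside": INGRESS_ACL}[interface]
    return evaluate(parse_acl(acl), src)


if __name__ == "__main__":
    print(wildcard_bits("0.0.0.255"))
    for iface, src in (("inside", "192.168.4.77"), ("outside", "192.168.4.77"), ("outside", "203.0.113.5")):
        print(iface, src, "->", filter_packet(iface, src))
```

A packet claiming to come from 192.168.4.77 is permitted on the inside interface and dropped on the outside one: the same address is legitimate or spoofed depending on where it arrives, which a filter that looks only at addresses cannot tell.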
connection with the firewall. The firewall sets up a connection with the server on
the other side. It acts on behalf of the client. The client believes that the proxy is
the server; the server believes that the proxy is the client. A proxy firewall is shown
in Fig. 8.17. Web server A, for example, thinks that it is communicating directly
with client 1 and vice versa. In reality, as we can see, the proxy is pretending to
be both the server and the client. The proxy can inspect the data and check that a
packet that is being sent out to the Web server really is an HTTP packet, as it is
supposed to be. It can also check that the person who is sitting at the client machine
is allowed to be surfing the Web. An application proxy firewall is so called because
it has to be able to understand Application Layer protocols, such as HTTP. The
firewall needs a proxy for every protocol that it has to deal with.
closes, the firewall closes the port that it was using. It can do this because it
keeps in memory a table of the connections it has seen, recording the addresses,
ports and state of each one, and it admits a packet only if it belongs to a
connection in that table or legitimately opens a new one. It inspects packets at
several layers at once, checking the headers against the state it has recorded
rather than judging each packet in isolation. A stateful inspection firewall is
more complex than the other two types. However, the features that are desirable in
a firewall will depend on what is required to put the company’s security policy
into practice.
later. Some attacks exploit vulnerabilities in operating systems, while others take
advantage of vulnerabilities in applications.
forged SYN (SYNchronise) packets to the victim host. The sending address that
these SYN packets contain does not exist. So when the victim sends a SYN ACK
back to this false address, there is never an acknowledgement of the SYN ACK.
The result is many half-open TCP connections, which build up to such a degree that
the victim host’s connection queue gets full. At this point the host stops accepting
all connection requests, whether legitimate or not. The attack has now crippled it.
It could even run out of memory completely, which would make it crash. Modern TCP
stacks limit the damage with SYN cookies, which encode the connection state in the
SYN ACK’s sequence number so that no memory is committed until the final ACK
arrives, and firewalls can cap the number of half-open connections they will hold.
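The stateful inspection table of Section 8.3 and the SYN flood just described, together in one added example that is not from the book: a connection tracker that admits only packets belonging to a handshake it has seen, counts half-open entries, refuses new SYNs when its backlog is full and expires entries whose ACK never comes. The server address, packet trace and thresholds are constructed.

```python
"""A stateful inspection connection table for TCP, with the half-open
accounting that exposes a SYN flood. Added example, not from the book; the
packet trace, addresses and thresholds are constructed."""


# A packet is (time, src, sport, dst, dport, flags, direction);
# direction "in" = from the Internet towards the protected server, "out" = its reply.
class StatefulFirewall:
    def __init__(self, protected, half_open_limit=3, syn_timeout=10.0):
        self.protected = protected        # the server behind the firewall
        self.table = {}                   # (client, cport, server, sport) -> [state, last_seen]
        self.limit = half_open_limit      # half-open entries held before refusing new SYNs
        self.timeout = syn_timeout        # seconds a half-open entry may wait for its ACK
        self.alerts = []

    def _expire(self, now):
        for key, (state, seen) in list(self.table.items()):
            if state == "SYN_RECEIVED" and now - seen > self.timeout:
                del self.table[key]       # handshake never completed: free the slot

    def half_open(self):
        return sum(1 for state, _ in self.table.values() if state == "SYN_RECEIVED")

    def inspect(self, packet):
        """'allow' or 'drop'. A SYN opens an entry, the reply and the final ACK make it
        ESTABLISHED, FIN/RST remove it, and a packet belonging to no entry is dropped."""
        now, src, sport, dst, dport, flags, direction = packet
        self._expire(now)
        key = (src, sport, dst, dport) if direction == "in" else (dst, dport, src, sport)
        state = self.table.get(key, [None])[0]
        if direction == "in" and "SYN" in flags and "ACK" not in flags:
            if dst != self.protected:
                return "drop"
            if state is None and self.half_open() >= self.limit:
                self.alerts.append((now, "backlog full: possible SYN flood, latest source " + src))
                return "drop"
            self.table[key] = ["SYN_RECEIVED", now]
            return "allow"
        if state is None:
            return "drop"                 # unsolicited: no handshake seen for this 4-tuple
        if "RST" in flags or "FIN" in flags:
            del self.table[key]
        elif state == "SYN_RECEIVED" and direction == "in" and "ACK" in flags:
            self.table[key] = ["ESTABLISHED", now]
        else:
            self.table[key][1] = now
        return "allow"


SERVER = "192.0.2.10"
TRACE = [
    # a normal three-way handshake and a data segment
    (0.0, "198.51.100.7", 40001, SERVER, 80, {"SYN"}, "in"),
    (0.1, SERVER, 80, "198.51.100.7", 40001, {"SYN", "ACK"}, "out"),
    (0.2, "198.51.100.7", 40001, SERVER, 80, {"ACK"}, "in"),
    (0.3, "198.51.100.7", 40001, SERVER, 80, {"ACK", "PSH"}, "in"),
    # a segment from a host that never completed a handshake
    (0.4, "203.0.113.9", 5555, SERVER, 80, {"ACK"}, "in"),
    # SYNs with forged sources: the SYN ACKs go nowhere, so the entries stay half-open
    (20.0, "10.99.0.1", 1000, SERVER, 80, {"SYN"}, "in"),
    (20.1, "10.99.0.2", 1000, SERVER, 80, {"SYN"}, "in"),
    (20.2, "10.99.0.3", 1000, SERVER, 80, {"SYN"}, "in"),
    (20.3, "10.99.0.4", 1000, SERVER, 80, {"SYN"}, "in"),        # backlog full: dropped
    (20.4, "198.51.100.8", 40002, SERVER, 80, {"SYN"}, "in"),    # a real user is refused too
    (35.0, "198.51.100.8", 40003, SERVER, 80, {"SYN"}, "in"),    # stale entries expired: accepted
]


def run(trace=TRACE, **kwargs):
    """Feed a trace through a fresh firewall; returns (decisions, alerts, half-open count)."""
    fw = StatefulFirewall(SERVER, **kwargs)
    decisions = [fw.inspect(p) for p in trace]
    return decisions, fw.alerts, fw.half_open()


if __name__ == "__main__":
    for packet, verdict in zip(TRACE, run()[0]):
        print(packet[0], packet[1], verdict)
```

The trace shows both faces of the attack: the forged SYNs are accepted until the backlog fills, and the legitimate user at 20.4 is the one who actually suffers. The timeout is what eventually recovers; a real device would combine it with per-source limits and SYN cookies rather than wait.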
All three of these types of program are malware (malicious software). Anti-virus
software, as long as it is kept up to date, helps protect a computer against the
viruses, worms and Trojan horses that it knows about, but it cannot recognise malware
it has never seen. Common sense on the part of the user is also necessary,
however. For example, it is unwise to open e-mail attachments unless one is sure
that they contain nothing harmful.
8.7 Rootkits
A rootkit is a special form of remote-access Trojan horse. An intruder can use
the software tools that a rootkit contains to gain complete control of a remote
computer. The owner of the computer remains unaware that this has happened.
Root is the superuser account in UNIX and UNIX-like operating systems such as
Linux. A rootkit is so named because it is installed with, and is designed to keep,
that level of control over the computer that the attacker has infiltrated.
Software for detecting rootkits is available. Because a rootkit works by hiding
itself from the running system, such software typically compares what the operating
system reports (files, processes and, on Windows, entries in the registry, the
database that holds system configuration information) with what is actually on the
disk or in memory, and looks for the discrepancies.
Unfortunately, the writers of rootkits are constantly refining their products to try
to stay one step ahead of the defences against them.
overwhelm the system. An alternative strategy is to levy a small charge for sending
an e-mail. The intended effect of this would be to make it too expensive to send
spam.
Checking that the source IP address of an e-mail is not forged is another defence
against spam. What makes this an effective measure is that spammers (those who
produce spam) like to forge the ‘from’ address in their e-mail. This is done because
it makes it difficult to find out who sent the spam. Filters can also be hoodwinked
by this means. SMTP is also easily fooled.
Another measure that can be used against spam is signing legitimate e-mail
with a digital signature. This also proves the integrity of the message. Sender and
recipient both know that messages have not been tampered with en route.
8.9 Spyware
Spyware is software that gathers data about the way in which a computer is used.
The program is installed without the user’s knowledge and transmits over the
Internet the information that it obtains. An example of relatively innocuous spyware
is a record of visits to Web sites that is gathered for marketing purposes. An example
of a rather more serious kind of spyware is that which captures personal information
like credit card numbers. Anti-spyware software is available. Some anti-spyware
programs prevent spyware being installed in the first place. Other programs simply
scan for and remove it. Like anti-virus software, anti-spyware software needs to
be updated on a regular basis to maintain its effectiveness.
8.12 Summary
This chapter has looked at various aspects of network security, which is an
extremely important issue in today’s networks. The chapter started with an
explanation of several important security concepts and gave some security
techniques related to these concepts. Further, the following aspects of network
security were covered: VPNs; firewalls; intrusion detection and intrusion
prevention systems; various kinds of attacks that may be made on networks;
viruses, worms and Trojan horses; rootkits; spam e-mail; spyware; physical
security and security of wireless networks.
8.13 Questions
1. When AES was devised, a competition was held to find the best encryption
algorithm. Find out what criteria were used to select the winning algorithm,
Rijndael. (This information is not included in this book.)
2. Why was public-key encryption developed?
3. If SSL/TLS is in use, how confident can a customer using a credit card to pay
for goods from a Web site be that the transaction is secure?
4. Explain how a digital signature is produced.
5. Find two different security policy templates on the Internet and compare them.
Relate their features to the list given in Table 8.1.
6. Explain the difference between the IPSec transport and tunnel modes.
7. What are the advantages of SSL/TLS-based VPNs over IPSec-based VPNs?
8. Draw a labelled diagram illustrating the exchanges that take place between
client and server during the setting up of a secure, encrypted SSL tunnel.
9. The following is a router access control list:
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 deny any
What does it mean?
10. Explain how an FTP application proxy firewall works.
11. How do intrusion prevention systems differ from intrusion detection systems?
12. What is a DDOS attack?
13. What is a rootkit?
14. What is a man-in-the-middle attack?
15. What can be done to secure wireless LANs?
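As an added illustration (not part of the book) of how a standard access list like the one in question 9 is evaluated, the following Python matches addresses against the rules in order using wildcard masks (a 1 bit in the mask means "ignore this bit") and applies the implicit deny that takes effect when no rule matches.

```python
from ipaddress import IPv4Address

# The access list from question 9, used here as the sample input.
BOOK_ACL = """\
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 deny any
"""


def _to_int(dotted):
    return int(IPv4Address(dotted))


def parse_acl(text):
    """Parse lines of the form 'access-list N permit|deny ADDR [WILDCARD]'.
    'any' stands for 0.0.0.0 255.255.255.255, 'host A' for 'A 0.0.0.0', and a
    missing wildcard defaults to 0.0.0.0 (an exact host match)."""
    rules = []
    for raw in text.strip().splitlines():
        parts = raw.split()
        if len(parts) < 4 or parts[0] != "access-list":
            raise ValueError(f"not a standard access-list line: {raw!r}")
        action = parts[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in {raw!r}")
        if parts[3] == "any":
            net, wild = 0, 0xFFFFFFFF
        elif parts[3] == "host":
            net, wild = _to_int(parts[4]), 0
        else:
            net = _to_int(parts[3])
            wild = _to_int(parts[4]) if len(parts) > 4 else 0
        rules.append((action, net, wild))
    return rules


def evaluate(rules, address):
    """Return (action, rule_index) for the first rule that matches `address`.
    rule_index -1 means nothing matched and the implicit deny applied."""
    ip = _to_int(address)
    for idx, (action, net, wild) in enumerate(rules):
        care = ~wild & 0xFFFFFFFF      # wildcard 0 bits are the bits that must match
        if ip & care == net & care:
            return action, idx
    return "deny", -1


if __name__ == "__main__":
    rules = parse_acl(BOOK_ACL)
    for addr in ("172.16.5.9", "172.17.0.1"):
        print(addr, evaluate(rules, addr))
```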
9 Network Management
As networks become more and more complex, they can become more and more
difficult to maintain. The users of a network tend to rely on it heavily and will
suffer if it is not running efficiently or if certain applications are unavailable when
needed. So the network manager must manage the network proactively, using all
the management facilities at his or her disposal.
This chapter begins with a description of the network management functional
areas of the ISO network management model, which cover configuration
management, fault management, performance management, accounting management
and security management. Some hardware and software tools that are used for
network management are then discussed. Next, some ways of troubleshooting
networks are mentioned. The important Simple Network Management Protocol
(SNMP), a TCP/IP Application Layer protocol that makes it easy for management
information to be exchanged between network devices, is described. So is the
equally important variant of SNMP, remote monitor (RMON). In the next section,
the value of good network documentation is stressed. The chapter ends with a short
section on LAN server administration.
154 Communications and Networking
Establishing Baselines
So as to be able to carry out performance management, the network manager needs
first to establish baselines for the various measures of performance. A baseline
sets the acceptable level of performance of the network. Without a baseline, it
will not be possible to tell whether performance is improving or declining. And
as the network is expanded or updated, the baseline itself will need to be updated.
Baselining involves measuring and recording how a network operates over a certain
period of time. It can be used to find out how the network is performing currently
and what the future needs are.
When performing a baseline study, the manager has to get information on all
the network devices, including workstations, server computers, hubs, switches
and routers. Model numbers, serial numbers, NIC and IP addresses, protocols and
network applications in use will all need to be recorded. A simple record sheet
such as the one shown in Table 9.1 may be utilised, but alternatively software can
be used to record the data. The manager will also need to record such figures as the
average and peak network utilisation, the average and peak frame size, the average
and peak number of frames per second, the number of broadcasts, the number of
collisions per second, the number of CRC errors and the number of illegally short
and long frames (runts and jabbers).
Table 9.1 record sheet (fragment): Serial no.; Date purchased; Problems.
$A_{\mathrm{system}} = A_1 \times A_2 \times \cdots \times A_n$
For example, if a network sub-system consists of five components each with an
availability of 0.96, what is the availability of the sub-system?
frames are sent and received by each network device and so on. Network monitors
are often a part of an integrated network management system (INMS). The use of
network monitors is illustrated in Fig. 9.1. These generally use RMON monitoring
(see Section 9.4.5).
A protocol analyser (or packet sniffer) is able to capture and interpret network
frames and packets. The protocol analyser may come in the relatively expensive
form of a specialised portable computer with built-in software. A specialised (and
expensive) wireless laptop protocol analyser is illustrated in Fig. 9.2. Alternatively,
the analyser may be software only and designed to run on a cheap,
general-purpose computer. There are several protocol analysis software packages.
Ethereal (available from http://www.ethereal.com) is an example of free protocol
analysis software.
An INMS allows the network manager to monitor and control the corporate inter-
network from a central point. The INMS covers all five of the ISO network manage-
ment functional areas. The network administrator views the system via a graphical
user interface (GUI). Software running on remote network devices gathers infor-
mation that the INMS can use. SNMP (see Section 9.4) is often used in INMSs.
has been switched off. It is advisable to check for basic faults such as this before
trying more sophisticated troubleshooting.
When troubleshooting at layer 1, indicator lights should be checked. For
example, if a NIC is physically connected and working, a green light may be visible.
There may also be lights that show network transmission or reception. If no green
light is visible, this may be a symptom of a cable problem, but the NIC may need
to be re-seated in its socket.
Potential problems at layer 2 include wrongly configured Ethernet or WAN
interfaces. For example, the wrong kind of layer-2 encapsulation may have been
chosen on one of the router’s WAN interfaces. In the case of Frame Relay, the
wrong DLCI (permanent virtual circuit number) may have been set. A layer-2
fault that can cause problems at layer 3 is one or more wrong associations between
MAC and IP addresses. Purging (emptying) the ARP cache will often cure this. If a
layer-2 switch is in use, VLANs may have been improperly configured, preventing
communication between members of different VLANs.
There are several causes of layer-3 errors. The most common of these is an
addressing error of some kind. For example, an interface on a device may have
been configured with the wrong IP address or perhaps the subnet mask is wrong.
For this reason, it is prudent to make sure that the addresses of router interfaces are
correct before doing any further configuration. Routing protocols too can cause
problems at layer 3. No routing protocol (such as RIP) may have been enabled. Or
perhaps a routing protocol has been enabled but it is the wrong one.
The Ping utility program (described in Section 6.1.8) is a very useful tool for
troubleshooting layer-3 problems. It can be used to test network connectivity over
IP-based networks. The output from Ping shows the minimum, average and
maximum round-trip time for a test datagram to reach the target address and be sent
back to the source. From this output the network administrator can tell whether
the target host can be reached, what the delays over the path to the host are and
how reliable the path is. In the example given in Section 6.1.8, the ping target
193.60.1.15 replies to all four datagrams sent to it. An unsuccessful attempt at
pinging a target host is shown in Fig. 9.3. This display shows that the target host is
unreachable, as none of the test datagrams got to the address that they were trying
to reach.
For troubleshooting at layer 7, the Telnet utility can be useful. Telnet, a virtual
terminal protocol that works at the application layer of TCP/IP, was described
in Section 7.4. Telnet is normally used to log into a remote computer and run
programs on it. When used for troubleshooting, Telnet allows an administrator to
check that at least one application works over a TCP/IP connection between the
source and the destination. If Telnet functions OK, it shows that the whole protocol
stack from Telnet downwards is working correctly. If it is not possible to Telnet to
a server computer from a particular host, it might be worth trying from a router or
other device. If using the name of the server does not produce a login prompt, it
might be possible to get a successful result by using the server’s IP address instead.
The IP address can be obtained with the nslookup command (see below for an
example). If one still cannot get a response from the server, it is possible that the
Telnet service is not running or that, for some reason, it has been moved from its
well-known port, 23.
Here is an example of the nslookup utility being used to look up the IP address(es)
of www.google.co.uk. In the first line, the command is issued from the prompt on
a UNIX computer called bsussoc1. The output is from the second line onwards.
bsussoc1 > nslookup www.google.co.uk
Server: bsus.staffs.ac.uk
Address: 193.60.1.17
Non-authoritative answer:
Name: www.l.google.com
Addresses: 66.102.9.147, 66.102.9.99, 66.102.9.104
Aliases: www.google.co.uk, www.google.com
The traceroute utility was described in Section 6.1.8. This can be employed
to trace the complete route from host X to host Y. The output shows a list of
all the routers that were reached. If there is a failure anywhere along the path
from X to Y, traceroute will show where this occurred. An attempt at tracing
a route that ends in failure is shown below. An asterisk in the output indicates
failure.
5 17 ms 28 ms 39 ms 194.117.136.146
6 16 ms 15 ms 16 ms 194.117.136.162
7 16 ms 37 ms 19 ms janet-telewest-pvtpeer.telewest.net [194.117.147.30]
8 18 ms 17 ms 30 ms po2-3.lond-scr4.ja.net [146.97.35.233]
9 17 ms 33 ms 17 ms po1-0.read-scr.ja.net [146.97.33.26]
10 24 ms 20 ms 20 ms po3-0.warr-scr.ja.net [146.97.33.54]
11 22 ms 22 ms 21 ms po1-0.manchester-bar.ja.net [146.97.35.166]
12 33 ms 22 ms 24 ms gw-nnw.core.netnw.net.uk [146.97.40.202]
13 25 ms 24 ms 41 ms gw-staff.core.netnw.net.uk [194.66.25.94]
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
[etc.]
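Added example, not from the book: a Python parser for tracert-style output like the listing above (the book's hops 5 to 16 are reproduced as the sample input, with the wrapped hop 7 rejoined; hops 1 to 4 are not on the page). It reports the last router that answered and the hop from which the path went silent, while treating a single silent hop that is followed by answering hops as a router that merely drops probe replies rather than as a failure.

```python
import re

# The book's listing, used here as the sample input.
TRACE = """\
  5    17 ms    28 ms    39 ms  194.117.136.146
  6    16 ms    15 ms    16 ms  194.117.136.162
  7    16 ms    37 ms    19 ms  janet-telewest-pvtpeer.telewest.net [194.117.147.30]
  8    18 ms    17 ms    30 ms  po2-3.lond-scr4.ja.net [146.97.35.233]
  9    17 ms    33 ms    17 ms  po1-0.read-scr.ja.net [146.97.33.26]
 10    24 ms    20 ms    20 ms  po3-0.warr-scr.ja.net [146.97.33.54]
 11    22 ms    22 ms    21 ms  po1-0.manchester-bar.ja.net [146.97.35.166]
 12    33 ms    22 ms    24 ms  gw-nnw.core.netnw.net.uk [146.97.40.202]
 13    25 ms    24 ms    41 ms  gw-staff.core.netnw.net.uk [194.66.25.94]
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
"""

# hop number, exactly three probe results ("17 ms" or "*"), then the host text
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:\d+\s*ms|\*)\s+){3})(.*?)\s*$")
PROBE_RE = re.compile(r"(\d+)\s*ms|\*")


def parse_traceroute(text):
    """Turn tracert-style output into a list of dicts: hop, host, rtts (None = '*')."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner, blank and '[etc.]' lines carry no hop data
        probes = [int(ms) if ms else None for ms in PROBE_RE.findall(m.group(2))]
        hops.append({"hop": int(m.group(1)), "host": m.group(3), "rtts": probes})
    return hops


def _answered(hop):
    return any(r is not None for r in hop["rtts"])


def locate_failure(hops):
    """Return (last_responding, first_silent): the last hop that answered any
    probe, and the first hop of the silent run that continues to the end of the
    trace (None if the trace ends with a hop that answered)."""
    answered = [h for h in hops if _answered(h)]
    last_responding = answered[-1] if answered else None
    first_silent = None
    for h in reversed(hops):      # walk back from the end while hops stay silent
        if _answered(h):
            break
        first_silent = h
    return last_responding, first_silent


def slowest_hop(hops):
    """The answering hop with the highest mean RTT over its answered probes."""
    best = None
    for h in hops:
        rtts = [r for r in h["rtts"] if r is not None]
        if rtts and (best is None or sum(rtts) / len(rtts) > best[0]):
            best = (sum(rtts) / len(rtts), h)
    return best[1] if best else None


if __name__ == "__main__":
    hops = parse_traceroute(TRACE)
    last, silent = locate_failure(hops)
    print("last reply from hop", last["hop"], last["host"])      # hop 13
    print("no replies from hop", silent["hop"], "onwards")        # hop 14
    print("slowest hop", slowest_hop(hops)["hop"])                # hop 13
```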
[Fig. 9.4 residue: the SNMP manager and the SNMP agent each sit above the UDP, IP and Physical layers of their host’s TCP/IP stack.]
changes made to them using SNMP. The SNMP protocol is a TCP/IP Application
Layer protocol that is used to query agents and make changes to objects. Figure
9.4 shows where the SNMP manager and agent sit in the TCP/IP stack.
manager) that displays and reports the information that the probe has collected.
The probe sits on the network building up a MIB that can be sent to the manager. The
probe can be either self-contained or a module on another device such as a switch.
The first version of RMON worked only at the Data Link Layer. RMON 2 added
support for OSI layers 3 to 7, giving the network manager more information about
the network than SNMP on its own can provide. RMON can help the network
manager to identify such items as where the most traffic on the organisation’s
internetwork is generated and which are the most heavily used routes. It makes
it easier for the manager to discover if a user is making database queries that are
crippling the network or spending a lot of time downloading large files. RMON can
allow the manager to discover subtle changes that are occurring in the behaviour of
a network. It can help the manager to decide where to place server computers and
how to configure routers in the most efficient manner. Figure 9.1 (in Section 9.2)
shows a network manager using RMON to monitor a network’s traffic from a long
distance away.
RMON has nine more MIB groups (statistical tables) than SNMP. The Statistics
Group details Ethernet statistics, such as collisions and multicasts. The History
Group can be used to take snapshots of the network. The Alarm Group will set off
an alarm if preset parameters are exceeded. The Host Group gathers information
about certain hosts. HostTopN lists the top network hosts rated according to a base
statistic specified by the network management system. The Filter Group can be
used to configure the probe to select individual packets for observation. The Matrix
Group keeps tables of statistics about the number of packets, bytes and errors sent
between two addresses, thus providing information about network traffic between
users. The Packet Capture Group is used to copy packets from the filter group into
buffer memory. The Event Group allows a network manager to define events for
a probe, enabling it to log these events or send an SNMP trap. The advantage that
this offers is that it becomes unnecessary to poll distant network devices over a
WAN to discover faults. In RMON 2, 10 more groups were added. These enable
the troubleshooting of applications across the network, whereas RMON 1 was
restricted to viewing a single network segment at a time.
9.5 Documentation
Keeping up-to-date records of the network is of crucial importance. Unfortunately,
since many people find maintaining their documentation rather tedious, they tend
to forget to do it. There are many different kinds of documents that need to be
kept. Some of these have been mentioned above (for example, the importance of
documenting solutions to network problems was mentioned in Section 9.3.1).
General-purpose computer OSs such as Microsoft Windows have pieces of
software that can be used for network management purposes built into them. Figure 9.6
shows some typical output from the msinfo32.exe program. Such information can
be used to document the configuration of a workstation. Other kinds of
documentation that are needed are cut sheet diagrams, wiring closet layouts and
details of the software that is installed.
A cut sheet diagram indicates the path of network cables. It indicates the type of
cable, the length of each cable and how it is terminated. The diagram shows where
the patch panels and wall sockets are located. It also indicates the cable-labelling
scheme that is in use. Diagrams of the layouts of all wiring closets should include
the location of equipment racks and the equipment that is mounted in them. They
should also show the configuration details of the equipment. The details of all
the software installed on each computer should be recorded. This will include the
standard software configuration and details of the operating system.
have to access particular network resources. Users can be granted such permissions
as read, write, delete, print, copy and execute. The network administrator is also
able to control the time periods when users or groups can access resources. The
administrator can set up profiles, which facilitate customising of the user interface.
Once set up, the profile can be used no matter which LAN workstation the user
connects to the network from.
9.7 Summary
This chapter began with a description of the ISO network management model,
which divides network management into configuration management, fault
management, performance management, accounting management and security
management. Some hardware and software tools that are used for network
management were then discussed. Next, some ways of troubleshooting networks were
mentioned. SNMP (a TCP/IP Application Layer protocol that makes it easy for
management information to be exchanged between network devices) was then
described, along with its equally important variant RMON. In the next section, the
value of good network documentation was stressed. The chapter finished with a
short section on LAN server administration.
9.8 Questions
1. Match the functional areas of the ISO network management model to the facts
about them.
Functional areas
(a) configuration management
(b) fault management
(c) performance management
(d) accounting management
(e) security management
Facts
(i) Concerned with abnormal network behaviour.
(ii) Analyses and controls network performance.
(iii) Concerned with monitoring and controlling normal operations in a network.
(iv) Concerned with access control, authentication and encryption.
(v) Allows the network manager to collect data on how resources are being
consumed by users and devices.
2. A network component has an MTBF of 10000 h and an MTTR of 12 h. What
is its availability?
3. A network sub-system consists of four components each with an availability
of 0.98. What is the availability of this sub-system?
4. Explain time-domain reflectometry.
5. You are a network manager. Your staff has asked for a dedicated laptop protocol
analyser which is so expensive that it exceeds your budget. What reasons could
you give your line manager to persuade him or her to make available enough
money to buy the analyser?
6. What is an integrated network management system?
7. What network utility program can be used to find out an IP address from a
network name and vice versa?
8. What are the parts of SNMP and what is their function?
9. Explain what the SNMP message types get, set and trap do.
10. Find out from books or the Internet what security algorithms are used with
SNMPv3.
11. Look up the details of the standard RMON MIB objects in RFC 2819 (available
from the Internet). According to this RFC, what does a probe have to do in
order to implement the MIB?
10 Wireless Networks
Wireless networks have become more and more popular, in business and industrial
environments, in the home and in hotspots in public places such as airports and
hotels. Wireless networks can be classified in a variety of ways. In this chapter,
we classify them as follows: personal area networks (PANs), home area networks
(HANs), wireless LANs (WLANs), cellular radio networks (for mobile phones)
and wireless technologies for replacing the wired analogue local loop. We start
with a mention of some technical aspects of transmission. The chapter finishes
with a short discussion on Radio Frequency Identification (RFID).
Certain aspects of WLANs were covered in previous chapters and the reader is
encouraged to refer back to these. Infrared and microwave transmission
(including satellites) were mentioned in Section 2.10.3. The WLAN access point and
radio (the wireless NIC) were described in Section 4.1.3. The particular security
problems posed by WLANs were covered in Section 8.11.
10.2.1 Bluetooth
Bluetooth (IEEE 802.15.1) uses microwave radio to communicate. Infrared
transmission (see Section 2.10.3) would be unsuitable because it is highly directional
and cannot pass through obstructions. Bluetooth uses FHSS transmission in the
same frequency band (2.4 GHz) as microwave ovens and many WLANs. It avoids
interfering with the signals sent by other systems by transmitting at very low power
levels. Nevertheless, the signals are still able to travel through the interior walls
of a house. FHSS helps Bluetooth devices resist interference from other devices
that use the same frequency band. Because the frequency changes regularly, any
interference only affects a small part of the data. This small part is sent again if
there was interference.
Bluetooth devices communicate with each other automatically whenever they
come within range of each other. The devices arrange themselves into a piconet
consisting of one master device and one or more slaves. The master has a clock that
gives timing for the piconet. The slaves use this clock signal to synchronise with
the frequency hopping sequence of the master. The piconet might be as simple as
a mobile phone communicating with a headset or a more complex arrangement
such as that illustrated in Fig. 10.1.
The device shown at the top of Fig. 10.1 is a PDA. This is a small, hand-held
portable computer, which possesses many of the capabilities of larger machines.
Its functions are often combined with those of a mobile phone in a single
device.
10.3.1 ZigBee
ZigBee is based on the IEEE 802.15.4 standard and was designed to be used in
wireless control and sensing networks. It uses DSSS transmission and can operate
in the unlicensed 2.4-GHz band, like Bluetooth and some wireless fidelity (Wi-Fi)
networks. The data rate is low (up to 250 kbps) and the range is limited (up to
30 metres). As a consequence, power consumption is very low. Batteries will last
for years, rather than just a few hours, as with IEEE 802.11x WLANs or Bluetooth
devices. ZigBee can be used in other applications besides home automation. For
example, it can be used in toys as well as in industrial automation and building
control.
10.4 WLANs
The aim of a WLAN is to provide exactly the same features as a wired LAN does but
without the impediment of cables. WLANs can completely replace a conventional
LAN or can be used to extend one. In all wireless networks, the atmosphere is the
medium through which the signal travels. It is possible to use infrared transmission
(see Section 2.10.3) but radio is far more popular because it offers greater range
and higher data rates. The 2.4- and 5-GHz frequency bands are used because these
do not need a licence in most parts of the world.
cell to another (handoff or handover). The same radio frequency can be used in
more than one cell, as long as those cells are not next to each other. Reusing
frequencies in this fashion increases the capacity of the phone network without
causing interference between cells.
10.6.1 Satellite
A brief description of satellite technology was given in Section 2.10.3. With a
satellite service, there is always more latency (delay) than with other options for
replacing the local loop. This is caused by the distance the satellite is from the
earth’s surface. The data rates offered by satellite services tend to be high. So,
satellites are good for downloading large files (because of the high data rate) but
not at all good for VoIP (because of the high latency).
10.9 Summary
This chapter started with a mention of some technical aspects of transmission.
We investigated various kinds of wireless networks, both fixed and mobile. We
saw how PANs can be set up, using such technologies as Bluetooth or WUSB.
10.10 Questions
1. Explain the differences between DSSS and FHSS wireless transmission
techniques.
2. In UWB transmission, extremely short pulses of energy are spread over many
frequencies simultaneously. What is a potential problem with such a
transmission method?
3. Discuss the advantages and disadvantages of WLANs.
4. How can users of 802.11x LANs be authenticated? (You may find it helpful to
refer back to Section 8.11.)
5. Ethernet LANs do not use acknowledgements but 802.11x LANs do. Why is
this?
6. A wireless access point (AP) has been set up as follows:
SSID = 24HillSt
Channel = 6
SSID Broadcast = enabled
Security = WEP
Comment on what changes to the above configuration may be advisable.
(You may need to refer to Section 8.11 as well as the current chapter to answer
this question.)
7. In what circumstances is wireless transmission required? (This question is an
opportunity for reflection; a complete answer cannot be derived from this text
only.)
8. Explain the role of base stations in a mobile phone network.
Appendix A
[Appendix A figure residue: a datagram made up of a base header, 0 or more extension headers and then the data; the header fields shown include the source address and the destination address.]
data compression. A technique that enables devices to transmit the same amount
of data using fewer bits than without compression.
Data Link Layer. The OSI layer that transforms the raw transmission facility
provided by the physical layer into a communication channel that appears to be
free of errors.
Data over Cable Service Interface Specification. Defines the standards for
transferring data using a cable modem system.
data rate. The amount of data transferred per second.
data terminal equipment. A computer that connects to a network.
datagram packet switching. A form of packet switching in which each packet
contains the destination address.
data-link connection identifier. The virtual circuit identifier in a frame relay
frame.
DCE. See Data Circuit Terminating Equipment.
DDOS. See Distributed Denial of Service.
de facto standard. A standard supported by more than one vendor but with no
official status.
DECnet. Network architecture of the Digital Equipment Corporation (now
defunct).
decryption. The inverse of encryption.
dedicated link. A link provided for the exclusive use of an organisation.
default gateway address. The address of the router that a computer will use to
access another network by default.
delta channel. The ISDN signalling channel.
demilitarised zone. A network area between an organisation’s trusted internal
network and an external network such as the Internet.
denial of service. An attack with the aim of stopping an Internet server (usually
a Web server) functioning.
dense wavelength division multiplexing. Similar to ordinary wavelength
division multiplexing but offers greater data rates.
destination address. An address that identifies the receiving computer.
destination. The receiving computer.
deterministic network. A network technology which guarantees that the
maximum waiting time before gaining access to the network will not be above a
certain figure.
fibre-optic cable. A glass (or plastic) fibre that carries a beam of light.
File Transfer Protocol. A protocol used to transfer files to or from an FTP server.
firewall. Software or hardware that restricts access to an organisation’s computers.
fixed wireless. A term referring to the use of wireless technologies with devices
that do not move.
flag field. The field that delimits an HDLC frame.
flow control. A mechanism for speeding up or slowing down the rate at which
a source is sending data, according to how much buffer space the receiver has
available.
flow label. A field in the IPv6 base header used to forward datagrams along a
prearranged path.
FM. See Frequency Modulation.
formal standard. A standard issued by an official standards body.
forward error correction. An error control mechanism that allows a receiver to
correct errors without having to ask for a retransmission.
fourth generation mobile phone network. A mobile phone system offering high
data rates.
FRAD. Frame relay access device.
fragmentation. An IP mechanism for dividing a large datagram into smaller ones.
fragment-free mode. A mode of operation of a layer-2 switch.
frame check sequence. The CRC field in a data-link layer frame.
Frame Relay. A WAN technology which uses virtual circuits.
frame. The data-link layer protocol data unit.
frame trailer. Extra data placed at the end of a frame.
free space optics. The use of lasers for computer communications through free
space (without a cable).
frequency division multiple access. A technique used in analogue mobile phone
systems for sharing out bandwidth.
frequency division multiplexing. A technique for dividing up an analogue link
into several frequency bands, with each frequency band carrying one channel.
frequency hopping spread spectrum. A microwave wireless transmission
technique in which signals are transmitted in a pseudo-random sequence on several
different frequencies.
idle RQ. An ARQ scheme in which the sender waits for the receiver to
acknowledge receipt of a data block before sending the next block.
IDS. See Intrusion Detection System.
IEEE 1000BASE-T. A twisted-pair variant of Gigabit Ethernet.
IEEE 100BASE-T. A twisted-pair variant of 100 Mbps-Ethernet.
IEEE 802.11a. A 54-Mbps wireless LAN standard.
IEEE 802.11b. An 11-Mbps wireless LAN standard.
IEEE 802.11g. A 54-Mbps wireless LAN standard.
IEEE 802.11i. An official WLAN security standard which was agreed after
WPA2.
IEEE 802.11n. A high-speed wireless LAN standard that uses MIMO technology.
IEEE 802.11x. A generic term used to refer to the 802.11 family of WLAN
standards.
IEEE 802.15.1. The Bluetooth standard.
IEEE 802.15.4. The standard that ZigBee is based on.
IEEE 802.16-2004. A fixed-wireless WiMAX standard.
IEEE 802.16e. A mobile WiMAX standard.
IEEE 802.1p. A prioritisation standard for IP telephony.
IEEE 802.1q. A standard that supports virtual LANs.
IEEE 802.1X. An authentication standard for LANs.
IEEE 802.20. A high-speed mobile wireless standard.
IEEE 802.3. An Ethernet standard.
IEEE. A standards body. See Institute of Electrical and Electronics Engineers.
IETF. See Internet Engineering Task Force.
IKE. See Internet key exchange.
IM. See instant messaging.
IMAP. See Internet Message Access Protocol.
information frame. An HDLC frame that carries data.
infrared. A part of the electromagnetic spectrum that can be used for short-
distance wireless communications.
INMS. See Integrated Network Management System.
latency. Delay.
layer-2 switch. An internetworking device used to connect network segments.
layering. The organisation of networks as a series of layers or levels.
leased line. A permanent, dedicated, point-to-point link that is leased from a
telecommunications carrier.
length field. The field in an IEEE 802.3 frame that contains the length of the data.
LEO. See Low Earth Orbit.
line filter. A device that can be used instead of an ADSL splitter.
link access procedure balanced. An HDLC-type protocol used in X.25.
link access procedure D-channel. An HDLC-type protocol used in the ISDN D
channel.
link access procedure for frame mode services. An HDLC-type protocol used
in frame relay.
link-state advertisement. In link-state routing, a small packet that is broadcast
to all the other routers in the internetwork whenever there is a change in the state
of a link.
link-state routing protocol. A routing protocol in which each router in an
internetwork keeps a map of the topology of the whole internetwork.
LLC field. The field for logical link control in IEEE 802.3.
Local Area Network. A network spanning a small geographical area.
local loop. The telephone line between the customer’s premises and the local
exchange.
localhost. An alternative term for Loopback Address.
location bar. The place where a Web browser shows the URL of the Web page
that is being viewed.
logical connection. An alternative term for a virtual circuit.
logical link control. The upper sub-layer of IEEE 802 LAN protocols; controls
the setting up of a link using an HDLC-type protocol.
logical topology. How the transmission medium can be accessed by the computers
on the network.
loopback address. The address 127.0.0.1 (in IPv4), used for testing IP software.
low earth orbit. An alternative orbit to the geosynchronous orbit.
MAC address. The unique hardware address of a NIC.
Appendix B: Glossary 197
nslookup. A network utility program that can be used to look up the IP address corresponding to a URL or vice versa.
OC-192. Optical Carrier level 192: a SONET standard for transmission over optical fibre.
octet. A group of eight bits (a byte).
odd parity. A parity bit added to a character to make the number of 1 bits an odd number.
OFDM. See Orthogonal Frequency Division Multiplexing.
open shortest path first. A link-state routing protocol.
open systems interconnect. A network architecture devised by ISO.
optical fibre. Glass (or plastic) fibre used to connect devices in a network.
orthogonal frequency division multiplexing. A microwave transmission technique that reduces the need for a line of sight.
OSI 7-layer reference model. See Open Systems Interconnect.
OSI. See Open Systems Interconnect.
OSPF. See Open Shortest Path First.
P2P. See peer-to-peer.
packet sniffer. See Protocol Analyser.
packet spoofing. The constructing of a packet with a false sender address by an attacker.
packet switching. A technology in which messages are divided into packets before they are transmitted; the packets are then sent individually, possibly reaching the destination via different routes.
packet. A unit of information suitable for travelling between one computer and another.
packet-filtering firewall. A kind of firewall in which a router blocks certain IP addresses, subnets or TCP or UDP port numbers by means of access control lists.
PAN. See Personal Area Network.
parallel data transfer. A procedure in which multiple wires are used to transfer whole units of data simultaneously.
parity. An error detection technique in which an additional bit is appended to a character to give either an even or an odd number of 1 bits.
passive RFID tag. An RFID tag that does not need an internal power source.
patch. A software update.
patch panel. A piece of hardware that acts like a small switchboard and is a convenient means of connecting various pieces of networking equipment together.
path MTU discovery. A technique for finding out the maximum size of data that can be sent all the way from source to destination in one packet.
PC-card. A standard for 16-bit add-on cards for laptop computers (formerly called PCMCIA card; the 32-bit standard is called CardBus).
PCI. See Peripheral Component Interconnect.
PCMCIA. See Personal Computer Memory Card International Association.
PDA. See Personal Digital Assistant.
peer processes. The entities comprising the corresponding layers of a network architecture such as OSI or TCP/IP on different machines; these appear to communicate directly with each other.
peer-to-peer file sharing. Sharing files over the Internet without a central server.
peer-to-peer LAN. A LAN in which none of the computers has control over the LAN and they act as client or server computers as necessary.
performance management. An ISO Network Management functional area.
peripheral component interconnect. A PC expansion bus standard.
permanent virtual circuit. A virtual circuit set up by an administrator for repeated use between the same two devices.
Personal Area Network. A network that permits communication between devices that belong to a single owner over very short distances.
Personal Computer Memory Card International Association. The organisation responsible for the PC card standard.
personal digital assistant. A small, handheld portable computer which possesses many of the capabilities of larger machines.
phase modulation. A technique for encoding digital information by manipulating the phase of an analogue carrier signal.
Physical Layer. The OSI layer concerned with the transmission of bit patterns over a communications channel.
physical topology. The physical configuration of a network.
piconet. See Personal Area Network.
Ping of Death. An attack in which the attacker tries to overwhelm a server computer by flooding it with Ping packets.
Ping. A utility program used to check for reachability of a host.
remote monitor. An extension to the SNMP MIB that allows the monitoring of remote sites from a central point.
remote node. A method of remote access to a LAN in which the remote computer acts as a node or workstation on the LAN.
remote-access VPN. A VPN that allows home workers to gain secure access to their company’s network.
repeater. A hardware device that regenerates a digital signal.
request–response protocol. The type of protocol used in a client-server system, in which a client requests services and the server provides services in response to the client’s requests.
requests for comments. Documents that contain technical and organisational notes about the Internet, including definitions of Internet standards such as protocols.
reverse address resolution protocol. A mechanism for IP address assignment.
RFC. See Requests for Comments.
RFID. See Radio Frequency Identification.
RFID tag. A very small microchip that can be interrogated by radio and can transmit its ID number.
RFID transponder. See RFID Tag.
ring. A network topology.
RIP. See Routing Information Protocol.
RJ-45. See Registered Jack-45.
RMON. See remote monitor.
roaming. The ability of a WLAN device to move from one WLAN AP coverage area to another with no interruption to the service.
rootkit. A special form of remote-access Trojan horse that can give an intruder complete control of a remote computer.
route summarisation. The ability to represent a block of addresses by just one summary address using CIDR.
router. A computer that can make decisions about where an incoming network packet should be sent next, using information contained in its routing table.
router configuration file. A file containing rules and instructions to control the way in which data packets flow through a router.
router discovery request. A procedure that a host that has not been configured with a default gateway uses to find out available routers.
router solicitation request. An ICMP message that is the first step in the router discovery procedure.
routing information protocol. A distance-vector routing protocol.
routing protocol. A protocol that allows routers to inform each other about networks that they know about without human intervention.
routing table. A table that contains a router’s knowledge about open paths through networks.
RS232-C. The former name of EIA/TIA-232.
RTCP. See RTP control protocol.
RTP control protocol. A control protocol that works together with RTP.
RTP. See real-time transport protocol.
RTSP. See real-time streaming protocol.
runt. An illegally short Ethernet frame.
SAN. See Storage Area Network.
screened twisted pair cable. A form of twisted pair cable in which there is an outer braided or foil shield.
SCSI. See Small Computer System Interface.
ScTP. See Screened Twisted Pair Cable.
SDH. See Synchronous Digital Hierarchy.
SDSL. See Symmetric DSL.
second generation mobile phone network. A digital mobile phone network that uses TDMA (or rarely CDMA); GSM is the most widely used kind.
secret-key encryption. A form of encryption that uses the same mathematical key for encryption and decryption.
secure shell. A protocol and program that includes all the functionality of Telnet, but is secure.
secure single sign-on. A system that requires users to log into a network once only and thus get access to all the resources that they are allowed to use.
secure sockets layer/transport layer security. Two very similar protocols that provide secure communications on the Internet.
security management. An ISO Network Management functional area.
security policy. A document that gives rules for access, states how policies are enforced and explains the basic architecture of a security environment.
SIP location server. A SIP proxy server with which users are able to register their location.
SIP request. A SIP message used during call set-up and release.
SIP. See Session Initiation Protocol.
site-to-site VPN. A type of VPN that connects remote offices over the Internet.
sliding window. A flow control mechanism.
Small Computer System Interface. An interface standard and command set for attaching peripheral devices to computers and transferring data.
SMTP. See Simple Mail Transfer Protocol.
smurf attack. A DoS attack in which a network connected to the Internet is swamped with replies to pings that it did not send.
SNMP agent. Software that runs on a managed network device; it stores management data and responds to requests from the manager.
SNMP community string. A field in the SNMP versions 1 and 2 packet that acted as a password, transmitted in clear text.
SNMP get. An SNMP message type that lets the SNMP manager retrieve MIB object values from the SNMP agent.
SNMP manager. Software running on a network management station that can query SNMP agents, get responses from these and make changes to variables by means of SNMP commands.
SNMP MIB. A database of objects (variables) that can be accessed by agents and can have changes made to them using SNMP.
SNMP. A TCP/IP application layer protocol that is used to query agents and make changes to objects. See Simple Network Management Protocol.
SNMP set. An SNMP message type that allows the SNMP manager to set MIB object values at the agent.
SNMP trap. An SNMP message type that lets the agent tell the SNMP manager about significant occurrences.
SONET. See Synchronous Optical NETwork.
source. A sending computer.
source address. Identifies the sending computer.
spam filter. Software that applies rules to e-mail and tries to classify it as legitimate or illegitimate.
straight-through cable. The standard twisted-pair copper cable used for connecting a computer to a hub or switch.
streaming audio. A client-server technology that permits an audio file to begin playing before the entire file has been transmitted.
subnet mask. A mask that allows an IPv4 network to be subdivided.
subnet. On a TCP/IP network, a subnet (subnetwork) consists of all devices whose IP addresses have the same prefix.
subnetting. A technique that is used to make the most efficient use of IPv4 addresses by dividing them into subnets.
supernetting. An alternative term for Route Summarisation.
supervisory frame. An HDLC frame that deals with flow control and error control.
supplicant. In the 802.1X LAN security standard, a device that requires authentication.
SVC. See Switched Virtual Circuit.
switched virtual circuit. A virtual circuit that is set up temporarily when needed.
symmetric DSL. A form of DSL where the upstream and downstream data rates are the same.
symmetrical encryption. See Secret-key Encryption.
SYN. A packet used in TCP to synchronise the initial sequence numbers on two computers that are initiating a new connection.
SYN flooding attack. An attack in which an attacking source host repeatedly sends forged TCP SYN packets to the victim host.
synchronous digital hierarchy. The ITU standard equivalent of SONET.
synchronous modem. A modem suitable for use on an analogue leased line.
synchronous optical network. A Physical Layer standard for fibre-optic transmission systems.
synchronous transmission. A transmission technique in which data is sent as a continuous stream at a constant rate.
T3. A T-carrier digital leased line that offers a data rate of 44.736 Mbps.
tag. In 802.1q, a four-byte label inserted into an Ethernet frame to indicate to which VLAN the frame belongs.
tag. In HTML, a label used to mark up the text.
tag. In RFID, a transponder.
tape library. A storage device which consists of at least one tape drive and a mechanism for loading tapes automatically.
T-carrier. A digital leased line service available in North America and Japan.
TCP. See Transmission Control Protocol.
TCP/IP suite. The protocol stack used in the Internet.
TDM. See Time Division Multiplexing.
TDMA. See Time Division Multiple Access.
TDR. See Time Domain Reflectometry.
Telecommunications Industry Association. A standards body.
Telnet. A client-server terminal emulation protocol and program for TCP/IP networks.
terminal adaptor. A device used to connect a computer to the ISDN network.
terminal type. In Telnet, the type of terminal emulation that a computer uses.
TFTP. See Trivial File Transfer Protocol.
third generation mobile phone network. A digital mobile phone system able to support faster data transfer speeds than second generation networks; generally uses some form of CDMA.
three-way handshake. A procedure used to open and close a TCP connection and to synchronise both ends of the connection.
throughput. The amount of data successfully transferred from one place to another in a given time (unlikely to be such a high figure as the notional data rate).
TIA. See Telecommunications Industry Association.
TIA/EIA-232. A Physical-Layer standard for serial data communications.
ticket. In Kerberos, authenticates a Kerberos client as an authorised user.
time division multiple access. A mobile phone technology in which different users are given different time slots on a channel.
time division multiplexing. A type of multiplexing in which bits (or bytes) from several sources are interleaved.
time-domain reflectometry. A technique used for cable testing.
Time to Live. A value in the IP datagram header that limits the number of routers that a datagram is allowed to pass through before it is discarded.
timeout. The length of time that a sender will wait for an acknowledgement from the receiver before giving up.
variable-length subnet mask. Allows an organisation to use more than one subnet mask inside the same network address space.
VBR. See Variable Bit Rate.
VDSL2. See Very High-Speed Digital Subscriber Line 2.
vertical cabling. The network cabling that runs between floors of a building.
Very High-Speed Digital Subscriber Line 2. A high-speed version of DSL.
video on demand. A system that allows users to choose and watch video over a network.
virtual circuit. A connection between two devices that appears to be a physical path, though the actual physical path along which successive packets travel may vary.
virtual circuit number. A number that identifies a virtual circuit.
virtual communication. The apparently direct communication that seems to take place between two peer processes in the higher layers of a network architecture.
virtual LAN. A LAN that does not exist physically, but consists of a logical group of devices or users, selected from the devices or users on an actual, physical LAN.
virtual private LAN service. A service that securely connects two or more Ethernet LANs over an MPLS network.
virtual private network. A service that provides the equivalent of a private network but runs over a public network.
virus. Self-replicating code that is attached to another file.
VLAN. See Virtual LAN.
VLSM. See Variable-Length Subnet Mask.
Voice over IP. Hardware and software that allows people to use IP networks to carry telephone calls.
VoIP. See Voice over IP.
VPLS. See Virtual Private LAN Service.
VPN. See Virtual Private Network.
W3C. See World Wide Web Consortium.
wake on LAN. A facility on a NIC that allows the host computer to be switched on by sending it a special packet over the network.
WAN. See Wide Area Network.
wavelength division multiplexing. A technique that allows data from different channels to be carried at very high rates over a single strand of optical fibre.
World Wide Web. An easily accessible information service offered over the Internet.
World Wide Web Consortium. A standards body that develops specifications and software for the World Wide Web.
worldwide interoperability for microwave access. A microwave radio-based wireless technology which has fixed and mobile versions.
worm. Malware that can spread itself through networks automatically, copying itself from computer to computer.
WPA. See Wi-Fi Protected Access.
WPA2. The second version of WPA.
WUSB. See wireless USB.
X window. A client-server system that offers a windowing environment on UNIX and Linux computers.
X.25. A standard protocol suite for packet-switching WANs.
xDSL. A generic term for all forms of DSL.
XHTML. See Extensible HyperText Markup Language.
XML. See Extensible Markup Language.
ZigBee. A short-range wireless communication standard with low power demands that is based on the IEEE 802.15.4 standard.
zombie. A computer that is under the control of an attacker, who can make use of it in a DDoS attack.
Index
Please note: Bold text is used to indicate section and subsection headings.
218 Index
virtual circuit 20, 21, 38, 64–5, 75, 162 CRC, see Cyclic redundancy check
virtual circuit number 21, 159 Crosstalk 27
Circuit-switched 63, 66, 77, 173 CSMA/CD, see Carrier sense multiple
Circuit switching 19–21, 65 access/collision detection
Cisco 73, 86 CSU/DSU, see Channel service unit/Data
Cladding 29 service unit
Class of service 75 Cut sheet 165
“Classful” addressing 91 Cut-through 53
Classless Interdomain Routing (CIDR) 88, 91–2 Cyclic redundancy check (CRC) 15–16, 53, 58,
Client 46–7, 54, 86–7, 99, 105, 107, 108, 111, 100, 155
113–115, 117–18, 120–1, 123, 125–6, 130,
137–139, 141–2, 146, 150–1, 162–3 D channel, see Delta channel
Client-server 38, 46, 47, 48, 61, 105–6, 110, DAD, see Duplicate address detection
114, 126, 165 Daemon 111
Clock 8, 14, 169 Data
Cloud 64–5 circuit terminating equipment (DCE) 44, 64,
Code 7, 13, 18, 39, 58, 173 68
country 107 compression 38–9
non-return to zero (NRZ) 13–14 encryption 39
program code 147 field 58, 100
Reed-Solomon 18 formatting 39
Code division multiple access (CDMA) 173 link connection identifier (DLCI) 65, 159
Codes for transmitting digital data using digital rate 1, 5, 9–12, 29, 33, 48, 53, 56–7, 60, 63,
signals 13–14 66–70, 75–6, 96, 169–171, 173–5
Collision 52, 57, 155, 165 Over Cable Service Interface Specification
detection 57 (DOCSIS) 70
Colon hexadecimal (colon hex) 93 segmentation 95
Committed information rate (CIR) 65 terminal equipment (DTE) 44, 64
Communication 1, 3, 4, 5, 8, 11, 20–4, 31–3, 35, transfer 1, 5, 9–10, 19–21, 32, 61, 96,
37, 41–2, 48, 63, 67, 76–7, 93, 96, 100, 119, 117
124, 131, 134, 143, 150, 159, 169, 173, 174 transfer calculations 10–11
virtual 35 Datagram 20–1, 39, 74, 79, 83, 85, 90, 93–4,
Communications between computers 3–4 100, 105, 137, 159, 162, 177
Community string 163 packet switching 20–1
Compact Flash 54 DCE, see Data circuit terminating equipment
Confidentiality 93, 128, 131–134, 137 DDoS, see Distributed denial of service
Configuration 67, 93, 110, 121, 148, 154, 159, DECnet 43
165 Decryption 131–2
file 72–3 Dedicated 19–21, 47–8, 61, 65, 67, 72, 96, 163,
management 153, 154, 166 167
Congestion-control window 99 Delay 8, 19–20, 49, 53, 57, 101, 103, 123, 159,
Connection-oriented protocol 96–7, 124 174
Connection-oriented working 96 Delivery of streamed content over the Internet
Connectionless working 96 123–125
Constant bit rate (CBR) 75 Delta (D channel) 66, 101
Consultative Committee on Telegraph and Demilitarised zone (DMZ) 140–1
Telephone (CCITT) 43 Demodulator 12
Contact 126 Denial of service (DoS) 144–6, 147, 149
list 126 distributed (DDoS) 144
Continuous RQ 16–17 Destination 3–4, 20–2, 35, 38–40, 53, 56, 58–9,
Control field 100 74, 76, 80, 82–85, 93–6, 103, 113, 119,
Convergence 102–3 124, 137–8, 159
Core 29 address 4, 21, 38, 59, 65, 119
Deterministic 60 message 94
DF, see Don’t fragment reply 94
DHCP, see Dynamic Host Configuration request 94, 161
Protocol Echo cancellation 13
Difficulties with using numerical IP addresses EIA, see Electronic Industries Alliance
106–7 EIA/TIA-232 7, 37, 44, 68
Digital certificate 132, 134, 137 Electro-magnetic interference 26–7, 149
Digital Equipment Corporation 43, 56 Electronic mail (E-mail) 3, 39–40, 105, 115,
Digital leased line 68 117–23, 124, 126, 147–9
Digital network 65 attachment 119, 135, 147–8
Direct sequence spread spectrum (DSSS) 168, client 118, 120–2
170, 173 envelope 119
Digital signal 12, 13, 64 Extended Simple Mail Transfer Protocol
Digital subscriber line (DSL) 18, 63, 69–70, 77, (ESMTP) 119
174 fetching from server 120–3
Digital transmission 12, 69 Multipurpose Internet Mail Extensions
Distance vector 102–3 (MIME) 119
Distributed system 1 protocols for retrieving 122–3
DIX 56–57, 60 Simple Mail Transfer Protocol (SMTP) 41,
DLCI, see Data link connection identifier 118–9, 149
DMZ, see Demilitarised zone spam 148–9
DNS, see Domain name system standards 118–20
DOCSIS, see Data Over Cable Service Interface transmitting a message to a server 118
Specification use of DNS for 120
Documentation 153, 165, 167 Electronic Industries Alliance (EIA) 43–4
Domain Encapsulating security payload (ESP) 138
name server 107–8 Encapsulation 35, 39–40, 44, 83–4, 94, 100,
Name System (DNS) 41, 86, 100, 105, 106–8, 105, 113–4,119, 120, 122, 137, 159
112, 118, 120, 140 Telnet commands 113–4
Don’t fragment (DF) flag 85 Encoding 5, 12, 13–14, 33, 119, 120, 124
DoS, see Denial of service Base64 120
Dotted decimal 93, 106, 141 Manchester encoding 13–14
Download 8 Encryption 39, 93, 129, 131–2, 135, 150
Downloading 113 algorithm 131, 137, 138
DSL, see Digital subscriber line key 39, 131–5, 137, 139, 150
DSL access multiplexer (DSLAM) 69 private-key 131
DSL modem 18, 69 public-key 132, 139
DSLAM, see DSL access multiplexer secret-key 131, 134
DSSS, see Direct sequence spread spectrum symmetrical 131, 34
DTE, see Data terminal equipment End-to-end connection 38, 96
Dumb terminal 24, 113 Envelope 119
Duplex communications 5, 8, 18, 33, 96 Error 7, 14–18, 38, 49, 53, 64, 79, 87, 94, 96, 99,
Duplicate address detection (DAD) 93 103, 108, 117, 119–20, 155–6, 158–9, 162,
DWDM, see Dense wavelength division 165
multiplexing burst error 16
Dynamic address assignment 86 checking 7, 58, 64, 65, 122
Dynamic Host Configuration Protocol (DHCP) control 5, 7, 14–18, 33, 39, 100
86–8, 93, 100, 151 correction 14, 18, 124
server 86–7, 93, 151 detection 14–15, 38, 94, 113, 154
diagnosis 154
E-mail, see Electronic mail rates 14, 30, 154
EAP, see Extensible Authentication Protocol recovery 154
Echo 13 reporting 94
Global System for Mobiles (GSM) 173 IM, see Instant messaging
Go-back-N 17 IMAP, see Internet Message Access Protocol
GPRS, see General Packet Radio Services Infrared 31–2, 168–9, 171
GSM, see Global System for Mobiles INMS, see Integrated network management
system
Half duplex communications 5, 8–9, 33 Instant messaging (IM) 126
HAN, see Home area network client 126
Handoff 173 server 126
Handover 173 Institute of Electrical and Electronics Engineers
Handshake 96–7, 139, 146 (IEEE) 43, 49, 50, 56–9, 150–1, 168–171,
Handshaking 96 174–6
Hash 134–37 IEEE 802.11a 174
Hayes 43 IEEE 802.11b 168, 171
HDLC, see High-Level Data Link Control IEEE 802.11g 171, 174
Head-end 70 IEEE 802.11i 150
Header 39, 84–5, 93, 101, 113, 119, 137–8, 177 IEEE 802.11n 171
Hertz (Hz) 12, 169 IEEE 802.11x 30, 56, 170, 171
High-Level Data Link Control (HDLC) 8, 38, IEEE 802.15.1 169
56, 65, 79, 100–1, 103 IEEE 802.15.4 170
information frame 100 IEEE 802.16-2004 174
High-speed downlink packet access (HSDPA) IEEE 802.16e 174
173 IEEE 802.1p 49
High-speed uplink packet access (HSUPA) 173 IEEE 802.1q 49–50, 53
History group 165 IEEE 802.1X 150–1
Home area network (HAN) 3, 168, 170, 176 IEEE 802.20 175–6
Home page 110 IEEE 802.3 43, 56–8
Hop 102, 160, 177 IEEE 802.5 56, 59
Hop count 102 Integrated network management system (INMS)
Host 38–9, 50, 79–82, 85–6, 88, 90–6, 103, 157–8
111–13, 115, 125–6, 141, 143, 146–7, Integrated services digital network (ISDN) 63,
159–60, 162, 165 65–7, 77, 101
field 90 bearer channel (B channel) 66
group 165 card 67
local 111, 113 delta channel (D Channel) 66, 101
local- 80 Integration between Wi-Fi and mobile phone
HSDPA, see High-speed downlink packet access networks 174
HSUPA, see High-speed uplink packet access Integrity 58, 93, 128, 135, 137, 138, 149, 150
HTML, see Hypertext Markup Language Intel 56
HTTP, see Hypertext Transport Protocol Intermediate System-to-Intermediate-System
Hub 8, 24, 28, 46, 51–2, 59–60, 154, 158, 162 routing protocol (IS-IS) 37
Hyperlink 109–110 International Organisation for Standardisation
Hypertext Markup Language (HTML) 109 (ISO) 36, 43
Hypertext Transport Protocol (HTTP) 39, 41, network management model 153–6
108–9, 111, 138 International Telecommunication Union
GET command 111 Telecommunication Standardisation Sector
(ITU-T) 43, 76
ICMP, see Internet control message protocol Internet 39, 43, 71, 84, 87–9, 93, 106, 108, 113,
Idle RQ 16 115, 118, 122–3, 125, 134, 136–8, 140, 149
IDS, see Intrusion detection system service provider (ISP) 92
IEEE, see Institute of Electrical and Electronics Internet Control Message Protocol (ICMP) 85,
Engineers 93–5, 161
IETF, see Internet Engineering Task Force Internet Engineering Task Force (IETF) 43, 135,
IKE, see Internet Key Exchange 137–9
Peer-to-peer (P2P) 47, 92, 126 Public switched telephone network (PSTN) 19,
file sharing 125 63–4, 66
LAN 46–8 PVC, see Permanent virtual circuit
network 46–7
WLAN 54 QoS, see Quality of service
Performance management 153, 154–6 Quality of service (QoS) 93, 101, 137, 174
establishing baselines 154–5
useful figures 155–6 Rack 50, 54–5, 165
Peripheral Component Interconnect (PCI) 5, 49, Radio 54
54 Radio frequency identification (RFID) 175
Permission 115, 166 tag 175
Personal Computer Memory Card International RAID, see Redundant array of independent disks
Association (PCMCIA) 49, 54 RARP, see Reverse Address Resolution Protocol
Personal digital assistant (PDA) 54, 151, 169 Reachability 94
Personal identification number (PIN) 129 RealPlayer 123
Photodiode 29 Real-time (VBR-RT) and non-real time
Physical star 60 (VBR-NRT) service classes 76
Piconet 169–70 Real-Time Streaming Protocol (RTSP) 123
PIN, see Personal identification number Real-Time Transport Protocol (RTP) 124
Ping 94, 146, 159–61 Reassembly 84–5
of death 146 Redundant array of independent disks (RAID)
PKI, see Public key infrastructure 61, 149
Plaintext 131 Registered jack-45 (RJ-45) 49, 51
Plug 50–1 Remote access 71, 111, 148
PN, see Pseudo-noise Remote control 71
PNG, see Portable Network Graphics Remote host 111, 113, 115
POP, see Post Office Protocol Remote Monitor (RMON) 163–5
Port 49–53, 68, 140, 147, 158 Remote node 71
mapping table 89 Remote working via the Web 71
number 89, 99–100, 111–3, 117, 124, 126, Repeater 26–7, 29
141–3, 147, 178 multiport 51
scanning 147 Request for comments (RFC) 43, 45, 118,
well-known port numbers 99, 139, 160, 163 123–4, 127
Portable Network Graphics (PNG) 39 Retransmission 14–15, 17–18, 57, 99
Post office 118, 120–1 selective 17
Post Office Protocol (POP) 122–3 Reverse Address Resolution Protocol (RARP)
Preamble 57–8 86
PRI, see Primary rate interface RFC, see Request for comments
Primary rate interface (PRI) 66 RFID, see Radio frequency identification
Probe 156, 163–5 RIP, see Routing Information Protocol
Profile 166 RJ-45, see Registered jack-45
Protocol 4 RMON, see Remote Monitor
analyser 157–8 Roaming 93, 171
for retrieving e-mail 122 Rootkit 148
reliable 96–7, 99 Route 19–21, 25, 73–5, 85, 92, 94–5, 101–2,
request-response protocol 146 160
stack 35, 99, 158–9, 162 aggregation 92
unreliable 99 summarisation 92
Proxy 142, 162 Routed protocol 101
Proxy server 125 Router 7, 11, 51, 53–4, 64–8, 72–5, 80–2, 84–6,
Pseudo-noise (PN) sequence 173 88–90, 92–4, 100–3, 113, 137–8, 140–1,
PSTN, see Public switched telephone network 149, 155, 158–62, 164
P2P, see Peer-to-peer discovery 93
Public key infrastructure (PKI) 132, 150 solicitation request 93
Routing 38, 53–4, 102–3, 119, 137, 154 Session 38, 96, 98, 110, 113, 115, 117, 124–5,
Classless Interdomain (CIDR) 88, 91–2 139
Information Protocol (RIP) 72–3, 101–3, Initiation Protocol (SIP) 124–5
159 Set-up call 21
protocol 37, 72–5, 91–2, 101–3, 159 Shield 26
software 54 Shielding 27–8
table 73–4, 90, 92, 100–3 Shift register 15
RS232-C 7, 37, 44 Shortest path first (SPF) 103
RTCP, see RTP Control Protocol Signal impairment 14
RTP, see Real-Time Transport Protocol Simple Network Management Protocol (SNMP)
RTP Control Protocol (RTCP) 124 41, 100, 154, 158, 161–5
RTSP, see Real-Time Streaming Protocol agent 162
Runt 155 community string 163
manager 162
Satellite 8, 30–2, 40, 174 MIB 163
low earth orbit (LEO) 31 protocol 163
Screening 27–8 Simplex, half-duplex and full-duplex
ScTP, see Screened twisted pair communications 8–9
SDSL, see Symmetric digital subscriber line Simplex transmission 8–9, 18
Second generation (2G) mobile phone system Single point of failure 47
173 SIP, see Session Initiation Protocol
Secure Shell (SSH) 113 Sliding window 96, 98
Secure single sign-on 130 SMTP, see Simple Mail Transfer Protocol
Secure Sockets Layer/Transport Layer Security Smurf attack 146
(SSL/TLS) 71, 134, 137–9 SNMP, see Simple Network Management
Securing WLANs 151 Protocol
Security 29, 31, 38, 47–8, 53–4, 71, 93, 128, Socket 50, 159, 165
130, 132, 135–7, 139, 143–4, 148–51, 153, SONET 76
163, 168–9 SONET/SDH, see Synchronous Optical
management 153 NETwork/Synchronous Digital
physical 149 Hierarchy
policy 135–6, 143, 151 Source 3–4, 6, 8–10, 20–1, 23, 29, 35–41, 94–5,
Policy Specification Language (SPSL) 99, 103, 113, 138, 146, 148, 159
135 address 4, 38, 53, 57–8, 94, 138, 146, 149,
Segment 177–8
network 51, 73, 83, 101, 143, 156, 158, 165 HTML 109–110
TCP 39–40, 95–8, 100, 113, 120, 122, 177–8 power 175
Sequence number 16–17, 20–1, 96, 98, 124, Spammer 149
146, 178 Splitter 69
Serial Advanced Technology Attachment (Serial Spread spectrum wireless transmission 168
ATA) 5 SPF, see Shortest path first
Serial and parallel communications 5–6 SPSL, see Security Policy Specification
Serial ATA, see Serial Advanced Technology Language
Attachment Spyware 149
Serial cable 5 SSID, see Service Set Identifier
Serial interface 72–3 SSL/TLS, see Secure Sockets Layer/Transport
Serial transfer 5 Layer Security
Server SSL/TLS-based VPNs 138–9
application 105 Standard
computer 11, 46–7, 61, 71, 86, 130, 140, 144, de facto 43
146, 149, 154, 159, 164 formal 43
Service proprietary 43
agreement 65 Start bit 7
Set Identifier (SSID) 151 Start-frame delimiter 58
Transport mode 137–8 VDSL2, see Very high speed digital subscriber
Trap 162–3, 165 line 2
Trivial File Transfer Protocol (TFTP) 100 Very high speed digital subscriber line 2
Trojan horse 147–8 (VDSL2) 69
backdoor 147 Video 63–4, 75–6, 93, 101, 119, 123–4
Troubleshooting 158–61, 165 on demand 124
procedures 158–61 Videoconferencing 66
systematic method 158 Virtual circuit packet switching 20, 21
T3 68 Virtual communication 35
TTL, see Time to live Virtual Private LAN Service (VPLS) 101
Tunnel 71, 137–9 Virtual private network (VPN) 65, 71, 136–7,
mode 137–8 144, 151
Tunnelling 137 SS/TLS-based 138
2G, see Second generation Virus 147–8
2.5G 173 VLAN, see Virtual LAN
Type field 58 VLSM, see Variable length subnet mask
Voice 50, 63–4, 66, 75–7, 101, 124
UA, see User agent Over IP (VOIP) 124–5
UC, see Unified communications traffic 63, 65–6, 68, 124
UDP, see User Datagram Protocol transmission 19, 49
Ultra-wideband (UWB) 169 VOIP, see Voice over IP
UMTS, see Universal Mobile Voltage 7, 12–14
Telecommunications System VPLS, see Virtual Private LAN Service
Unicasting 124 VPN, see Virtual private network
Unified communications (UC) 124
Uniform resource locator (URL) 105, 109–10, WAN, see Wide area network
124–5 WCDMA, see Wideband CDMA
Uninterruptible power supply (UPS) 149 WDM, see Wavelength division multiplexing
Universal Mobile Telecommunications System Web browser 71, 99, 105, 109, 110–11, 114–17,
(UMTS) 173 134, 138
Universal Serial Bus (USB) 54, 131, 169 caching in 111
UNIX 38, 148, 160 Web page 39, 105–7, 109–11, 113, 138
Unnumbered frame 100 Web server 71, 99, 105, 110, 138, 140, 142, 144
Unspecified bit rate (UBR) 76 Web site 107, 109–10, 113, 134, 147,
Uploading 113 149
UPS, see Uninterruptible power supply WEP, see Wired Equivalent Privacy
URL, see Uniform resource locator Whitelist 148
USB, see Universal Serial Bus Wi-Fi (Wireless Fidelity) 170–1, 174
Use of DNS for e-mail 120 Protected Access (WPA) 150
Useful figures for performance management Wide area network (WAN) 1–4, 21, 40–1, 54,
155–6 59–60, 63–5, 67–8, 73, 75–6, 82, 85, 100,
User agent (UA) 118–19 159, 163, 165
User Datagram Protocol (UDP) 41, 95–6, ATM in the WAN 75–6
99–100, 124, 137–8, 141, 147, 162–3 Ethernet in the WAN 76
UTP, see Unshielded twisted pair general characteristics 63
UWB, see Ultra-wideband Wideband CDMA (WCDMA) 173
Wildcard mask 141
V.92 43 WIMAX, see Worldwide Interoperability For
Variable bit rate (VBR) 76 Wireless Access
Variable length subnet mask (VLSM) 91 Winamp 123
VBR, see Variable bit rate Window
VBR-NRT 76 Advertisement 98
VBR-RT 76 Size 97–9