Networking SoftwareNetworking software deals with thenetwork/Internet
Review of Last Week• Last week, we have gone through: – Network applications in clients (software) – Network services in servers (software) – Servers-clients relationship (software) – End-devices and networking devices (hardware) – IP address (software – addressing scheme) – Port numbers (software – addressing scheme)
Network Software• The majority of this class is to deal with software issues of the network.• There are four categories of software in networks: – Client software (network application) – Server software (network services) – Networking software • This is new. The topic of this lecture. – Protocol • This is in the future of this class.• As we have talked about “client-server”, now we need to deal with “client-network-server”.
Clients-Networks-Servers• PCs (or hosts, workstations, end devices, and printers) communicate with other PCs (servers or other clients), via the network (or Internet).• However, most users don’t know (or even care) how’s the network/Internet is being run, but they do care which network services they can communicate/access. – When you type www.google.com in your web browser, you just hope to go to a web site (hosted in a server) – When you write email to email@example.com, you just hope that I will read your email (I read from a mail server which received your email) – When you’re chatting with somebody, you are using a PC to “talk” to another user of a PC• While using the client programs, the client users only “see” the network services, the client users don’t “see” the network which acts as the middle-man that delivers the information to the client users .
“Transparency” of the Network• The PCs (or you) won’t realize what is in the network/Internet – You don’t know whether you communicate Switch via a switch or thru two switches, or thru a lot of routers and switches – Your computer only knows the other computers (e.g. especially server). – You just use the network to reach somebody = or some other PCs. Appear the same to the user• Hence, the effect of “transparency” of the network Wide area network – For you, PC to PC via 1 switch is almost the same as passing through 10 switches and routers (maybe just a little slower) – You just assume that network is working fine.• Unless you use networking software to explore the network, otherwise you just “assume” the network/Internet is working fine and use it.
Three categories of Network Software• Again, there are 4 different type of network software that “deal” with this “servers-network-clients”• Network clients software (you know this already) – What we use the most (acquiring information or data) • Web browser (Firebox), email reader (Outlook), etc• Server software (you know this already) – Turn a PC into a server • Apache web server• Networking software/commands (this is new to you) – Help to explore and troubleshoot the network – Command-line form • tracert, ipconfig, ping, etc – GUI (graphic user interface) form • Wireshark, Net Tools 5, Free IP Tools, Axence Nettools Pro• Protocols (this is new to you, will be taught in the later lectures)
Networking software/commands• There are some difference between network clients software and networking software – Network clients help you to access services – Networking software help you to • explore the network, • network configuration • troubleshoot the network, • collect network statistics • access certain network status and parameters.
Networking software/commands• As in network client software, networking software comes in the form of – Command line – GUI (graphic user interface)• We will learn a number of widely used networking commands and software.• Beware: there are some commands in the following slides that are… – not networking software but pure client software !! – both networking software and client software !!
Windows XP NetworkConfiguration/Commands/Software Going into the practical aspect of networks Helping you to explore the network in Windows XP
Setting Up Your Source IP ConfigurationYou need to set this up first beforeyou can access the network
Setting IP in Windows XP - 1• Assume that you have a network interface card (NIC) and are connected to the Internet (either through Streamyx, Green Packet, or at UTAR).• After you have plugged in, and before you explore the network in Windows XP (or Windows 7 or Linux or Sun or Apple), you need to configure the following: – Source IP address – Subnet mask – Default Gateway – DNS IP address
Setting IP in Windows XP - 2 • In Windows XP – Click on start → Control Panel → Network Connections
Setting IP in Windows XP - 3 • “Network Connections” window appears. • Right click on “Local Area Connection” and select “Properties”.
Setting IP in Windows XP - 4 • “Local Area Connection Properties” window appears (General Tab). • Scroll down till you find “Internet Protocol (TCP/IP)”. • Double click on “Internet Protocol (TCP/IP)” or • Select (single click) on “Internet Protocol (TCP/IP)” and left click on “Properties”.
Setting IP in Windows XP - 5 • “Internet Protocol (TCP/IP) Properties” window appears. – This is the window that you are looking for, in order to set your source IP address for your PC. • There are two ways to set the IP address: – Dynamic IP – Static IP
Dynamic IP• You need the help of a DHCP service in your network, if you use this option. – Which means you need a DHCP server in the network. – DHCP = Dynamic Host Control Protocol• Click on “obtain an IP address automatically”.• DHCP service will supply the IP address, subnet mask, default gateway, and DNS IP to your PC automatically.• Port numbers related to DHCP are 67 and 68.• DHCP service/server will be discussed in the later lecture.
Static IP• In static IP, you have to key-in the four parameters manually (meaning by yourself).• Default gateway = IP address of the immediate router in your local area network. – Will explain in later lectures.• Proper value of IP address and subnet mask will be taught in later lectures.
DNS Server IP• You need an IP address of a functioning Domain Name Server (DNS) – DNS server converts the domain name into destination IP address – You don’t need to care how it is converted, it is all handled by the OS. – But the OS does care that you provide a valid DNS IP to your OS. – Windows XP allows you to enter two valid DNS IP addresses.
If you don’t have a proper DNS IP• You have to type the IP address (220.127.116.11) of Google web site instead of www.google.com in order to access the web site. or IP address (18.104.22.168) for yahoo.com• Otherwise, the browser will prompt you an “domain name unresolved”• Without a valid DNS IP, all the “yahoo.com”, “cnn.com”, “utar.edu.my”, “facebook.com” will NOT work in the browser.
Extra: Alternate Configuration• If you have a notebook, using static IP at home and the IP assigned by DHCP server at the office, you can make use of alternate configuration to set IP and network information for these 2 different network.• Set Obtain an IP address automatically on “General” tab, so that the notebook will be assigned IP addresses automatically at the office.• After that, click Alternate Configuration tab, select User configured option and key in your home network’s static IP information.• By setting this, when there is no IP information assigned due to no DHCP server at home, this alternate configuration will be applied automatically, so that you don’t have to set IP manually every time at home.
Windows XP Networking Commands/SoftwareSome useful networking commandsand GUI software that help you todeal with network.
Overview of ipconfig• The first networking command that you need to learn.• “ipconfig” is used to check the source IP configuration setting of every network interface card (NIC) of your PC (all physical and virtual network adapters) – IP address – Subnet mask – Default gateway• If your PC has 2 wired NICs and 1 wireless NIC, “ipconfig” will list 3 sets of IP addresses, subnet masks and default gateways.• Adjust your concept of IP address now: – IP address is a network interface address, not a PC address. – If there are 4 NICs in a PC, there are 4 sets IP addresses for that PC.
ipconfig /all• Give a more detailed status of the NICs that includes – DNS server IP – DHCP server IP – Dynamic or static IP (DHCP enabled?) – MAC addresses/Physical address. – Lease of the DHCP service (when will the dynamic IP expire?)• You will use this command quite often
DHCP Service• As compared to the services that we have studied, such as HTTP, and SMTP, which is more as a data/file providing service, or “middle-man” service,• DHCP service is a networking service. – Dealing with networking issues and not data resources.• Normally, user does not actively access the DHCP service. – DHCP is “transparent” to user unless you “explore” it specifically.• More often, it is the operating system (OS) that deals with DHCP service.
ipconfig /release• Release the IP address, netmask and default gateway back to DHCP server. – 0.0.0.0 = no source ip address, subnet mask Command is here
ipconfig /renew• Make request to the dhcp server to get – IP address, – Subnet mask – DNS IP – Gateway IP. Command is here
Overview of “ping”• Your second best friend in network.• Your most used command in the labs.• Function: – Check connectivity of between a remote IP and your PC• A successful ping means that the communication between your PC and the remote IP is okay. – Accessing a remote service provided by this remote IP SHOULD NOT be a problem.• The remote IP can be a server, router, printer, or another client PC.• ping comes in the form of Windows command, or GUI net tools.
ping• Test whether the host is reachable – Connectivity test between you PC and a remote host• ping destination_ip or ping domain_name – c:>ping 192.168.1.1 – c:>ping www.google.com.my
Explanation of ping result• time = Round Trip Time (RTT) – Time that the ping packet travel to the remote IP and back. – time = 349ms means, ping takes 349ms to travel from your PC to 22.214.171.124 and then back to your PC. – Also compute the minimum, maximum and average RTT.• TTL = time-to-live – The number of routers that the ping packet can pass before it is dropped by the router. – TTL = 51 means the ping packet still can travel 51 more routers. – TTL = 51 also mean the ping packet have travel (64 – 51) = 13 routers.
Comments on Ping• One of best and yet simple testing tool. – Use ping to test a remote IP first, before you access a particular service of that remote IP, after you have set up a network. – ping 192.168.1.1 before you do http://192.168.1.1• If you are very sure that your network is working fine, and yet you can’t ping a particular PC, check the firewall (or the Symantec setting) of that PC. – The firewall or Symantec may block the ping reply.
Overview of trace route• Trace route is an “advanced” form of ping.• Trace route lists the IP addresses that your data will travel between you and the destination IP.• You can imagine that these IP addresses form a route between you and your destination IP.• Trace route can be in the form of command and software package. – The better trace route software can draw the route (listed with all the IP) on the world map between your PC and the destination IP.
pathping• pathping destination_ip• pathping domain_name• C:>pathping 192.168.1.1• pathping lists all the IP that it travels from source to destination.• and then compute some statistics of the route.
tracert• tracert does the similar function as pathping – But without that “much” statistics as in pathping.
Overview of nslookup• nslookup is both a client and a networking software. – Must have a valid DNS IP in the source IP configuration, otherwise this command won’t work.• nslookup communicate with an DNS so that it can check the IP address of a valid domain name.
nslookup• Obtain the public IP address of a domain name• Need to have a proper DNS server IP first in your TCP/IP setting.• C:>nslookup domain_name (e.g c:>nslookup www.utar.edu.my) Command is here Command is here
Public DNS IP Addresses• 126.96.36.199 (PS0.NS1.VRX.NET) • Malaysia’s Public DNS IP – Toronto, ON, Canada • Schoolnet (ADSL)• 188.8.131.52 (PS0.NS3.VRX.NET) – 184.108.40.206 – Richmond Hill, ON, Canada – 220.127.116.11• 18.104.22.168 (PS0.NS2.VRX.NET) – 22.214.171.124 – Apopka, Fl • Tmnet Streamyx (ADSL)• 126.96.36.199 (NL.PUBLIC.BASESERVERS.NET) – 188.8.131.52 – Nederlands – 184.108.40.206• 220.127.116.11 (NS1.QUASAR.NET) – 18.104.22.168 – Orlando, FL, USA – 22.214.171.124• 126.96.36.199 (ZOLIBORZ.ELEKTRON.PL) – 188.8.131.52 – Poland – 184.108.40.206• 220.127.116.11 (NS1.JERKY.NET) – 18.104.22.168 – Boston, MA, USA – 22.214.171.124• 126.96.36.199 (PAN.BIJT.NET) – 188.8.131.52 – The Netherlands – 184.108.40.206• 220.127.116.11 – Detroit
nslookup• nslookup interactive mode with designated DNS server to poll.• If a DNS is too “far” from your PC, it will be timed-out.• Aliases = Other domain names that use the same IP address.
Overview of netstat• netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics.• One possible use for netstat is to determine if spyware or Trojans have established connections that you do not know about.• The command "netstat -a" will display all your connections. The command "netstat -b" will show the executable files involved in creating a connection.
netstat -a• List all the connection ports and listening ports that are running in the system
State of the Connection• CLOSED – Indicates that the server has received an ACK signal from the client and the connection is closed• CLOSE_WAIT – Indicates that the server has received the first FIN signal from the client and the connection is in the process of being closed• ESTABLISHED – Indicates that the server received the SYN signal from the client and the session is established• FIN_WAIT_1 – Indicates that the connection is still active but not currently being used• FIN_WAIT_2 – Indicates that the client just received acknowledgment of the first FIN signal from the server• LAST_ACK – Indicates that the server is in the process of sending its own FIN signal• LISTENING – Indicates that the server is ready to accept a connection• SYN_RECEIVED – Indicates that the server just received a SYN signal from the client• SYN_SEND – Indicates that this particular connection is open and active• TIME_WAIT – Indicates that the client recognizes the connection as still active but not currently being used
netstat -b• List the programs that are making network connections & their port numbers
netstat –e, netstat –n, netstat -o• -e Displays Ethernet statistics. This may be combined with the –s option.• -n Displays addresses and port numbers in numerical form.• -o Displays the owning process ID associated with each connection.
netstat -s• Displays per-protocol statistics.• By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
hostname• Display the computer name shown in the network.• Special hostname for 127.0.0.1 = localhost
getmac, getmac /v• Displays MAC addresses for the local system and network adapter name.
arp• ARP => Address Resolution Protocol• “Linking” IP address to a MAC address in a lookup table• Is “dynamic” since IP address is changeable with relative to MAC address.• arp lookup table is stored in cache since it is not permanent.• arp –a – show all cache• arp –d – delete entries in cache
Overview of Port Scanning• Test a remote IP to see whether it offers any service.• Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer.• A port scanner is a software application designed to probe a network host for open ports.• May be blocked by firewall or Symantec intrusion detection. – Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.
Analogy of Network Services• Services (or open ports) are just like data file type – E.g. “.xls”, “.doc”, “.ppt”, “.avi”, “.jpg”, “.rm”, “.txt”.• You need a specific application (executable) in order to open a particular type file. – Use Word to open “.doc” – Use Notepad to open “.txt” – Use Realplayer to open “.rm”• Network services are the same. – Use web browsers to access port 80 service. – Use ftp to access port 21/20 services. – Use PuTTY to access port 22/23 services.
nmap• A software that you can use to check the “open ports” (services offered) in a particular server.• Can you tell what services are available in this server? (www.insecure.org)
nmap• Command line version of nmap Command is hereServicesavailable inthis server
telnet• telnet is used to remote login to a particular server to perform remote configuration (powerful command)• You can telnet to router, modem, and server as long as these machine provide the service.• telnet destination_ip or telnet domain_name – c:>telnet 192.168.1.1 – c:>telnet www.google.com.my
telnet• telnet 192.168.207.160• You must have the login name and password to continue
ftp Command is here• ftp 192.168.72.5• ftp is just to login to a file server. – You haven’t transferred any file yet.• You need the login name and the password.• There is whole suite of commands after you successfully log in to the file server.• put is to upload a file• get is to download a file• This is the old way.• Now, we normally use the GUI ftp software
PuTTY• A GUI software that helps you to perform remote configuration.
Difference between Client & Networking software• Client software transfer, obtain, or manipulate data and information from/in the server.• Networking software deals mainly with network status and network configuration information.• However, some software/commands belong to both (networking software and client software at the same time)
Comments to Networking Commands• There are many more networking commands…. – It will take time to learn how to use these commands/software – We start with what we have gone through. – We will learn more as we proceed with the class• Some of the network commands are “common” in different OS – They exist in Linux, Unix and Windows • e.g. ping, netstat, – The command option and output may be different • ping –i (Linux) => delay in sending out ping packets, • ping –i (Windows) => Time to live• Some network commands have different name but basically do the same function – ipconfig (Windows), ifconfig (Linux)• Mostly used in shell, terminal or command prompt.• Some of the commands may not work in certain LANs since they are “firewalled” or “blocked” – For example, in UTAR
True/False Questions• “ping” can check the delay between PCs.• You can access a web site without using a domain name. (e.g. msnbc.com)• “ipconfig /all” shows the IP of the DHCP server.• “netstat –a” shows all active port numbers and MAC address.• Three IP addresses can share a single domain name.• Three domain names can share a single IP address.• A near DNS serves better than a far DNS.• “tracert” shows the list of IP address traveled between source and destination.• A wired NIC and a wireless NIC on the same PC can share the same IP address.
Answer• “ping” can check the delay between PCs. – (True)• You can access a web site without using a domain name. (e.g. msnbc.com) – (True)• “ipconfig /all” shows the IP of the DHCP server. – (True)• “netstat –a” shows all active port numbers and MAC address. – (False)• Three IP addresses can share a single domain name. – (True)• Three domain names can share a single IP address. – (True)• A near DNS serves better than a far DNS. – (True)• “tracert” shows the list of IP address traveled between source and destination. – (True)• A wired NIC and a wireless NIC on the same PC can share the same IP address. – (False)
MCQ• Which server do you need to resolve domain name to network address? – A) Web server B) DNS server C) Email server – D) DHCP server E) File server F) Database server – G) Game server• Which of the following is not a network service? – A) firewall B) newsgroup C) audio streaming – D) email E) connectivity F) trace route – G) messaging H) printing job• Which server(s) is/are networking server? – A) Web server B) DNS server C) Email server – D) DHCP server E) File server F) Database server – G) Game serve
MCQ• Which command(s) is/are used to check the status of the ports in a host? – A) ping B) tracert C) netstat D) ipconfig – E) pathping F) arp G) nslookup H) getmac• Which command(s) is/are used to check the connection delay between hosts? – A) ping B) tracert C) netstat D) ipconfig – E) pathping F) arp G) nslookup H) getmac• Which command(s) is/are used to check the MAC address in your PC? – A) ping B) tracert C) netstat D) ipconfig – E) pathping F) arp G) nslookup H) getmac
MCQ• Which command(s) is/are used to check the connectivity of the DNS to your host? – A) ping B) tracert C) netstat D) ipconfig – E) pathping F) arp G) nslookup H) getmac• Which two commands should first be used when you can’t access the network (or loss communication)? – A) ping B) tracert C) netstat D) ipconfig – E) pathping F) arp G) nslookup H) getmac• Which commands require login name and password in order to proceed? – A) ping B) tracert C) netstat D) ipconfig – E) pathping F) arp G) nslookup H) getmac