3. Review of LastWeek
• Last week, we have gone through:
– Network applications in clients (software)
– Network services in servers (software)
– Servers-clients relationship (software)
– End-devices and networking devices (hardware)
– IP address (software – addressing scheme)
– Port numbers (software – addressing scheme)
4. Network Software
• The majority of this class is to deal with software issues of
the network.
• There are four categories of software in networks:
– Client software (network application)
– Server software (network services)
– Networking software
• This is new. The topic of this lecture.
– Protocol
• This is in the future of this class.
• As we have talked about “client-server”, now we need to
deal with “client-network-server”.
5. Clients-Networks-Servers
• PCs (or hosts, workstations, end devices, and printers) communicatewith
other PCs (servers or other clients), via the network (or Internet).
• However, most users don’t know (or even care) how’s the
network/Internet is being run, but they do care which network services
they can communicate/access.
– When you type www.google.com in your web browser, you just hope to go to
a web site (hosted in a server)
– When you write email to kp.koon@help.edu.my, you just hope that I will read
your email (I read from a mail server which received your email)
– When you’re chatting with somebody, you are using a PC to “talk” to another
user of a PC
• While using the client programs, the client users only “see” thenetwork
services, the client users don’t “see” the network which acts as the
middle-man that delivers the information to the client users .
6. “Transparency” of the Network
• The PCs (or you) won’t realize what is in the
network/Internet
– You don’t know whether you communicate
via a switch or thru two switches, or thru a lot
of routers and switches
– Your computer only knows the other
computers (e.g. especially server).
– You just use the network to reach somebody
or some other PCs.
Switch
Switch
• Hence, the effect of “transparency” of the
network
– For you, PC to PC via 1 switch is almost the
same as passing through 10 switches and
routers (maybe just a little slower)
– You just assume that network is working fine.
• Unless you use networking software to
explore the network, otherwise you just
“assume” the network/Internet is working
fine and use it.
=
Appear the same
to the user
Wide areanetwork
7. Three categories of Network Software
• Again, there are 4 different type of network software that “deal” withthis
“servers-network-clients”
• Network clients software (you know this already)
– What we use the most (acquiring information or data)
• Web browser (Firefox), email reader (Outlook), etc
• Server software (you know this already)
– Turn a PC into a server
• Apache web server
• Networking software/commands (this is new to you)
– Help to explore and troubleshoot the network
– Command-line form
• tracert, ipconfig, ping, etc
– GUI (graphic user interface) form
• Wireshark, Net Tools 5, Free IP Tools, Axence Nettools Pro
• Protocols (this is new to you, will be taught in the later lectures)
8. Networking software/commands
• There are some difference between network
clients software and networking software
– Network clients help you to access services
– Networking software help you to
• explore the network,
• configure network devices
• troubleshoot the network,
• collect network statistics
• polling and testing the network
• manage the network
• access certain network status and parameters.
9. Networking software/commands
• As in network client software, networking software
comes in the form of
– Command line
– GUI (graphic user interface)
• We will learn a number of widely used networking
commands and software.
• Beware: there are some commands in the
following slides that are…
– not networking software but pure client software !!
– both networking software and client software !!
11. Setting Up Your Source IP
Configuration
You need to set this up first before
you can access the network
12. Setting IP in Windows 10 -1
• Assume that you have a network interface card (NIC)
and are connected to the Internet (either through
Streamyx, Green Packet, or at HELP).
• After you have plugged in, and before you explore
the network in Windows 10 (or Windows 7 or Linux
or Sun or Apple), you need to configure the following:
– Source IP address
– Subnet mask
– Default Gateway
– DNS IP address
13. Setting IP in Windows 10 -2
• In Windows 10
– Go to Start > Type
“Settings” and then
click on Settings
14. Setting IP in Windows 10 -3
• “Click on the Network
and Internet”, and
then the window like
left side appears
• Click on the “Change
adapter options”
15. Setting IP in Windows 10 -4
• “Right click any
connected network,
and select properties”
16. Setting IP in Windows 10 -5
• Scroll down the list and
then select TCP / IPv4
17. Dynamic IP
• You need the help of a DHCP service in
your network, if you use this option.
– Which means you need a DHCP server
in the network.
– DHCP = Dynamic Host Control Protocol
• Click on “obtain an IP address
automatically”.
• DHCP service will supply the IP address,
subnet mask, default gateway, and DNS
IP to your PC automatically.
• Port numbers related to DHCP are 67
and 68.
• DHCP service/server will be discussed
in the later lecture.
18. Static IP
• In static IP, you have to key in the
four parameters manually
(meaning by yourself).
• Default gateway = IP address of
the immediate router in your local
area network.
– Will explain in later lectures.
• Proper value of IP address and
subnet mask will be taught in
later lectures.
19. DNS ServerIP
• You need an IP address of a
functioning Domain Name
Server (DNS)
– DNS server converts the domain
name into destination IP address
– You don’t need to care how it is
converted, it is all handled by the
OS.
– But the OS does care that you
provide a valid DNS IP to your OS.
– Windows 10 allows you to enter
two valid DNS IP addresses.
20. If you don’t have a proper DNS IP
• You have to type the IP address (64.233.181.104) of Google web site instead of
www.google.com in order to access the web site. or IP address (209.131.36.159)
for yahoo.com
• Otherwise, the browser will prompt you an “domain name unresolved”
• Without a valid DNS IP, all the “yahoo.com”, “cnn.com”, “help.edu.my”,
“facebook.com” will NOT work in the browser.
21. Extra: Alternate Configuration
• If you have a notebook, using static IP at
home and the IP assigned by DHCP server at
the office, you can make use of alternate
configuration to set IP and network information
for these 2 different network.
• Set Obtain an IP address automatically on
“General” tab, so that the notebook will be
assigned IP addresses automatically at the
office.
• After that, click Alternate Configuration tab,
select User configured option and key in your
home network’s static IP information.
• By setting this, when there is no IP information
assigned due to no DHCP server at home, this
alternate configuration will be applied
automatically, so that you don’t have to set IP
manually every time at home.
24. Overview of ipconfig
• The first networking command that you need to learn.
• “ipconfig” is used to check the source IP configuration setting
of every network interface card (NIC) of your PC (all physical
and virtual network adapters)
– IP address
– Subnet mask
– Default gateway
• If your PC has 2 wired NICs and 1 wireless NIC, “ipconfig”
will list 3 sets of IP addresses, subnet masks and default
gateways.
• Adjust your concept of IP address now:
– IP address is a network interface address, not a PC address.
– If there are 4 NICs in a PC, there are 4 sets IP addresses for thatPC.
28. ipconfig /all
• Give a more detailed status
of the NICs that includes
– DNS server IP
– DHCP server IP
– Dynamic or static IP
(DHCP enabled?)
– MAC addresses/Physical
address.
– Lease of the DHCP
service (when will the
dynamic IP expire?)
• You will use this command
quite often
30. DHCP Service
• As compared to the services that we have studied,
such as HTTP, and SMTP, which is more as a
data/file providing service, or “middle-man” service,
• DHCP service is a networking service.
– Dealing with networking issues and not data resources.
• Normally, user does not actively access the DHCP
service.
– DHCP is “transparent” to user unless you “explore” it
specifically.
• More often, it is the operating system (OS) that
deals with DHCP service.
31. ipconfig /release
• Release the IP
address, netmask and
default gateway back
to DHCP server.
– 0.0.0.0 = no source
ip address, subnet
mask
Command is here
32. ipconfig /renew
• Make request to
the dhcp server
to get
– IP address,
– Subnet mask
– DNS IP
– Gateway IP.
Command
is here
34. DNS cache
• Please be reminded that the function of DNS is to
change the domain name to an IP address
(destination IP).
• When you visit a website, Windows tries to speed
things up by placing the DNS information about
that site, into a DNS cache on your PC.
• Without the DNS cache, your PC has to constantly
communicate with a remote DNS server.
• If previously you have visited some websites, the
IP address of the web sites will be stored in the
DNS cache in your PC.
35. ipconfig /displaydns
• You can check the IP
address of the web
sites (domain name)
that you have visited
with your browser,
with the command
ipconfig /displaydns
37. Overview of “ping”
• Your second best friend in network.
• Your most used command in the labs.
• Function:
– Check connectivity of between a remote IP and your PC
• A successful ping means that the communication
between your PC and the remote IP is okay.
– Accessing a remote service provided by this remote IP
SHOULD NOT be a problem.
• The remote IP can be a server, router, printer, or
another client PC.
• ping comes in the form of Windows command, or
GUI net tools.
38. ping
• Test whether the host is reachable
– Connectivity test between you PC and a remote host
• ping destination_ip or ping domain_name
– c:>ping 192.168.1.1
– c:>ping www.google.com.my
42. Explanation of ping result
• time = Round Trip Time (RTT)
– Time that the ping packet travel to the remote IP and back.
– time = 349ms means, ping takes 349ms to travel from your PC to
203.84.202.10 and then back to your PC.
– Also compute the minimum, maximum and average RTT.
• TTL = time-to-live
– The number of routers that the ping packet can pass before it is dropped by
the router.
– TTL = 51 means the ping packet still can travel 51 more routers.
– TTL = 51 also mean the ping packet have travel (64 – 51) = 13 routers.
46. Comments on Ping
• One of best and yet simple testing tool.
– Use ping to test a remote IP first, before you access a
particular service of that remote IP, after you have set
up a network.
– ping 192.168.1.1 before you dohttp://192.168.1.1
• If you are very sure that your network is working
fine, and yet you can’t ping a particular PC, check
the firewall (or the Symantec setting) of that PC.
– The firewall or Symantec may block the ping reply.
48. Overview of traceroute
• Trace route is an “advanced” form of ping.
• Trace route lists the IP addresses that your data will travel
between you and the destination IP.
• You can imagine that these IP addresses form a route
between you and your destination IP.
• Trace route can be in the form of command and software
package.
– The better trace route software can draw the route (listed with all
the IP) on the world map between your PC and the destination IP.
49. pathping
• pathping destination_ip
• pathping domain_name
• C:>pathping
192.168.1.1
• pathping lists all the IP that it
travels from source to
destination.
• and then compute some
statistics of the route.
50. tracert
• tracert does the similar function as pathping
– But without that “much” statistics as in pathping.
57. Overview of nslookup
• nslookup is both a client and a networking
software.
– Must have a valid DNS IP in the source IP
configuration, otherwise this command won’t
work.
• nslookup communicate with an DNS so that
it can check the IP address of a valid
domain name.
58. nslookup
www.help.edu.my)
• Obtain the public IP address of a domain name
• Need to have a proper DNS server IP first in your TCP/IP setting.
• C:>nslookup domain_name (e.g c:>nslookup
Command
is here
Command
is here
59. Public DNS IPAddresses
• 199.166.24.253 (PS0.NS1.VRX.NET)
– Toronto, ON, Canada
• 199.166.27.253 (PS0.NS3.VRX.NET)
– Richmond Hill, ON, Canada
• 199.166.28.10 (PS0.NS2.VRX.NET)
– Apopka, Fl
• 199.166.29.3
(NL.PUBLIC.BASESERVERS.NET)
– Nederlands
• 199.166.31.3 (NS1.QUASAR.NET)
– Orlando, FL, USA
• 195.117.6.25 (ZOLIBORZ.ELEKTRON.PL)
– Poland
• 38.113.2.100 (NS1.JERKY.NET)
– Boston, MA, USA
• 213.196.2.97 (PAN.BIJT.NET)
– The Netherlands
• 199.5.157.128
– Detroit
• Malaysia’s Public DNS IP
• Schoolnet (ADSL)
– 202.75.44.18
– 203.106.3.171
– 202.75.44.20
• Tmnet Streamyx (ADSL)
– 202.188.0.132
– 202.188.0.133
– 202.188.0.147
– 202.188.0.161
– 202.188.0.181
– 202.188.0.182
– 202.188.1.4
– 202.188.1.5
– 202.188.1.23
– 202.188.1.25
60. nslookup
• nslookup interactive
mode with designated
DNS server to poll.
• If a DNS is too “far”
from your PC, it will be
timed-out.
• Aliases = Other domain
names that use the
same IP address.
64. Overview of netstat
• netstat (network statistics) is a command-line tool
that displays network connections (both incoming
and outgoing), routing tables, and a number of
network interface statistics.
• One possible use for netstat is to determine if
spyware or Trojans have established connections
that you do not know about.
• The command "netstat -a" will display all your
connections. The command "netstat -b" will show
the executable files involved in creating a
connection.
66. netstat -a
• List all the
connection ports
and listening ports
that are running in
the system
67. State of the Connection
• CLOSED
– Indicates that the server has received an ACK signal from the client and the connectionis closed
• CLOSE_WAIT
– Indicates that the server has received the first FIN signal from the client and the connection is in
the process of being closed
• ESTABLISHED
– Indicates that the server received the SYN signal from the client and the sessionis established
• FIN_WAIT_1
– Indicates that the connection is still active but not currentlybeing used
• FIN_WAIT_2
– Indicates that the client just received acknowledgment of the first FIN signal from the server
• LAST_ACK
– Indicates that the server is in the process of sending its own FINsignal
• LISTENING
– Indicates that the server is ready to accept aconnection
• SYN_RECEIVED
– Indicates that the server just received a SYN signal from theclient
• SYN_SEND
– Indicates that this particular connection is open andactive
• TIME_WAIT
– Indicates that the client recognizes the connection as still active but not currently being used
68. netstat -b
• List the programs that are making network connections & their
port numbers
69. netstat –e, netstat –n, netstat-o
• -e
• -n
• -o
Displays Ethernet statistics. This may be combined with the –s option.
Displays addresses and port numbers in numerical form.
Displays the owning process ID associated with each connection.
70. netstat -s
• Displays per-protocol
statistics.
• By default, statistics are
shown for IP, IPv6, ICMP,
ICMPv6, TCP, TCPv6,
UDP, and UDPv6;
72. hostname
• Display the computer name shown in the network.
• Special hostname for 127.0.0.1 = localhost
73. getmac, getmac /v
• Displays MAC addresses for the local system and
network adapter name.
74. arp
• ARP => Address Resolution
Protocol
• “Linking” IP address to a
MAC address in a lookup
table
• Is “dynamic” since IP
address is changeable with
relative to MAC address.
• arp lookup table is stored in
cache since it is not
permanent.
• arp –a
– show all cache
• arp –d
– delete entries in cache
76. Overview of PortScanning
• Test a remote IP to see whether it offers any service.
• Since a port is a place where information goes into and out
of a computer, port scanning identifies open doors to a
computer.
• A port scanner is a software application designed to probe
a network host for open ports.
• May be blocked by firewall or Symantec intrusion detection.
– Port scanning has legitimate uses in managing networks, but port
scanning also can be malicious in nature if someone is looking for a
weakened access point to break into your computer.
77. Analogy of Network Services
• Services (or open ports) are just like data file type
– E.g. “.xls”, “.doc”, “.ppt”, “.avi”, “.jpg”, “.rm”, “.txt”.
• You need a specific application (executable) in
order to open a particular type file.
– Use Word to open “.doc”
– Use Notepad to open “.txt”
– Use Realplayer to open “.rm”
• Network services are the same.
– Use web browsers to access port 80 service.
– Use ftp to access port 21/20 services.
– Use PuTTY to access port 22/23 services.
78. nmap
• A software that you can use to
check the “open ports”
(services offered) in a
particular server.
• Can you tell what services are
available in this server?
(www.insecure.org)
79. nmap
• Command line version of nmap
Command is
here
Services
available in
this server
84. telnet
• telnet is used to remote login to a particular server to perform remote
configuration (powerful command)
• You can telnet to router, modem, and server as long as thesemachine
provide the service.
• telnet destination_ip or telnet domain_name
– c:>telnet 192.168.1.1
– c:>telnet www.google.com.my
86. ftp
Command is here
• ftp 192.168.72.5
• ftp is just to login to a file
server.
– You haven’t transferred
any file yet.
• You need the login name
and the password.
• There is whole suite of
commands after you
successfully log in to the
file server.
• put is to upload a file
• get is to download a file
• This is the old way.
• Now, we normally use the
GUI ftp software
87. PuTTY
• A GUI software that helps you to perform remote configuration.
88. Difference between
Client & Networking software
• Client software transfer, obtain, or manipulate data
and information from/in the server.
• Networking software deals mainly with network
status and network configuration information.
• However, some software/commands belong to both
(networking software and client software at the
same time)
89. Comments to Networking Commands
• There are many more networking commands….
– It will take time to learn how to use these commands/software
– We start with what we have gone through.
– We will learn more as we proceed with the class
• Some of the network commands are “common” in differentOS
– They exist in Linux, Unix and Windows
• e.g. ping, netstat,
– The command option and output may be different
• ping –i (Linux) => delay in sending out ping packets,
• ping –i (Windows) => Time to live
• Some network commands have different name but basically do thesame
function
– ipconfig (Windows), ifconfig (Linux)
• Mostly used in shell, terminal or command prompt.
• Some of the commands may not work in certain LANs since theyare
“firewalled” or “blocked”
– For example, in HELP
91. True/False Questions
• “ping” can check the delay between PCs.
• You can access a web site without using a domain name.
(e.g. msnbc.com)
• “ipconfig /all” shows the IP of the DHCP server.
• “netstat –a” shows all active port numbers and MAC address.
• Three domain names can share a single IP address.
• A near DNS serves better than a far DNS.
• “tracert” shows the list of IP address traveled between source
and destination.
• A wired NIC and a wireless NIC on the same PC can share
the same IP address.