How to Create a Wired Network

Last updated: 25 Apr 2008

Overview

Overview of ethernet network and TCP/IP basics; selection of equipment and cables; hands-on experience creating a small LAN; connecting to the Internet; security concerns; testing network

Workshop Duration

2 hrs.

Student Prerequisites

none

Student Provides

nothing

Lab Provides

Two Computers
Two disk drives with Windows XP and WireShark on it
Administrator account and password on each
Two wired ethernet NICs and cables
One ethernet hub

Preparation

Fresh installation of Windows XP SP2 with WireShark cloned to x disk drives
Disk drives inserted and locked into computers
Setup itadmin account with administrator rights and password
Install Ethernet PCI Adapter
Plug in ethernet hub
Cable examples (internal twisted pair wires, crossover)

Delivery

References
- Ethernet: The Definitive Guide. Spurgeon, Charles E. O'Reilly & Associates. 2000.
- TCP/IP Network Administration. Hunt, Craig. O'Reilly & Associates. 1994.
Network Fundamentals
- social, telephone, data networks
- network model
  Seven-layer OSI model
  1. Layer 7: Application
    mechanisms to support end-user apps such as mail, file transfer, and web access
  2. Layer 6: Presentation
    mechanisms for data representation within applications
  3. Layer 5: Session
    mechanisms for reliable communications among cooperating applications
  4. Layer 4: Transport
    mechanisms for reliable end-to-end error recovery and flow control
  5. Layer 3: Network
    staion to station communication across a number of links -- an internetwork or internet.
  6. Layer 2: Data Link
    staion to station communication across one link -- transmit and receive frames/packets, recognize links, etc.
  7. Layer 1: Physical
    electrical, mechanical, functional control (e.g., cables, interface cards, timing)
- topologies (star, ring, hierarchy)
- hubs/switches and host ids
- bridges (ARCNET, ethernet, token ring, etc.)
- routers
- packets (source, destination, flags, payload)

Ethernet (DIX --> IEEE 802.3)

Arbitrate access to shared communication mechanism

Based on Univ of Hawaii's Aloha radio network
- send whenever
- await ack; no ack ==> collision
- all detect collision, back off random amount, retransmit
Bob Metcalfe did work at Xerox PARC in 1970s
CSMA/CD
- stations (multiple access or MA) listen for activity (carrier sense or CS) before transmitting
- detect when collision occurred (CD)
- sophisticated backoff time algorithm

Popular standards

Id	Media Type	Mbps	Max Segment (m)	Comments
10BASE5	thick coaxial	10	500	the original
10BASE2	thin coaxial	10	185	"Cheapernet"
10BASE-T	twisted-pair (Cat 3)	10	100	very popular
10BASE-FL	fiber optic	10	2000	most popular of original fiber
100BASE-TX	twisted-pair (Cat 5)	100	100	Fast Ethernet; auto-negotiation (10/100)
100BASE-FX	fiber (multi-mode)	100	2000
1000BASE-T	twisted-pair (Cat 5+)	1000	100	autonegotiation of speed and duplex
1000BASE-SX	fiber (short wavelength)	1000	220
1000BASE-LX	fiber (long wavelength)	1000	5000
10GBASE-T	twisted-pair (Cat 6a+)	10000	100	full duplex; no CSMA/CD
10GBASE-nnn	fiber, various	10000	various
100GBASE-nnn		100000	various	being defined now

Elements of Ethernet
1. frame -- bits of data
2. media access control (MAC) protocol -- rules to allow shared access
3. signaling components -- devices that send/receive signals
4. physical medium -- cables and other hardware to carry signals
Frame
- 64 bit preamble (not often necessary)
- 48 bit destination address
- 48 bit source address
- 16 bit type/length
- 46-1500 bytes data
- 32 bit frame check sequence/CRC
MAC Protocol
- Half-duplex mode: each ethernet-capable device or "station" is independent of others on network; connected to shared signaling channel.
- each frame broadcast to all stations if idle channel (carrier sense; if not idle, collision detected, back off and resend later)
- all stations check destination field for their MAC address or enabled multicast address
- if match, NIC delivers packet to networking software
- if no match, frame is ignored
Signaling Components
- ethernet interface
- transceiver (may be built into interface or separate)
- cable
- may include repeater hub to repeat signals from one segment to another
Physical Media
- cables
- interfaces
- hubs -- repeaters and switches
  Repeater sends signals to all ports, and must obey round-trip timing restrictions.
  
  Switch remembers which port is connected to what MAC address, and sends signals only to that port.
- bridge (connect usually dissimilar networks; e.g., ethernet and token ring)

Network Protocols (data part of frame)
- Many used in the past; most popular one now is TCP/IP.
- Independent of physical and data link layers (e.g., Ethernet)
- encapsulated in data part of Ethernet frame

TCP/IP Basics

IP and ICMP, arp and ping

IP: Internet Protocol
Version 4: 4-byte addresses
Version 6: 32-byte addresses

Five-layer network model:
1. Application (e.g., SMTP, FTP, HTTP)
2. Transport (e.g., TCP, UDP)
3. Network/Internet (e.g., ARP, ICMP, RIP)
4. Data Link (e.g., Ethernet, Wi-Fi, PPP, EVDO)
5. Physical (e.g., Ethernet NICs, twisted-pair cable, fiber, coax)

IP Datagram

Bit Positions
0	4	8	16	20	24
Version	Header Len.	Type of Service	Total Length
Identification			Flags	Fragmentation Offset
Time to Live		Protocol	Header Checksum
Source IP Address
Destination IP Address
Options					Padding
Data starts here...

Encapsulated in media (e.g., ethernet) frame's Data field.

ARP: Address Resolution Protocol
Broadcast IP address to find MAC address associated with it. Requests are cached; use this command to see them:
```
        arp -a
        
```
ICMP: Internet Control Message Protocol
- uses IP datagram
- sends message to source if datagrams sent too fast
- detects unreachable destinations
- redirect host to route to another gateway
- detects if remote system is up
ping
Most common ICMP datagram sender from user's perspective. Try:
```
        ping 128.208.250.2
        
```

UDP: User Datagram Protocol

Connectionless (nothing in protocol to guarantee receipt of packet)

Datagram

Bit Positions
0	16
Source Port	Destination Port
Length	Checksum
Data starts here...

Encapsulated in IP datagram's Data field.

More efficient than TCP

TCP: Transmission Control Protocol

Connection-oriented, sequences/retries
Datagram

IP Datagram

Bit Positions
0	4	12	16	24
Source Port			Destination Port
Sequence Number
Acknowledgement Number
Offset	Reserved	Flags	Window
Checksum			Urgent Pointer
Options				Padding
Data starts here...

Encapsulated in IP datagram's Data field.

Three-way connection handshake
Sets up sequence numbering
Acknowledges receipt of segment and how much more receiver can accept
Maintains bytes sent and received
Accepts bytes of window size or tells sender to cease sending
Delivers data to correct application by destination port number

IP addresses and notation (/x and subnet mask), routed and non-routed

Addresses: w.x.y.z, one byte each from 0..255

Classes of addresses

First Byte Is	Class	Network Number	Host Address
0..127	A	first byte	next three bytes
128..191	B	first two bytes	last two bytes
192..223	C	first three bytes	last byte
>223	D	ignore	ignore

Class A network 0 reserved for default route
Class A network 127 reserved for loopback address
In all classes, host numbers 0 and 255 reserved
- 0 means network itself -- used by routing table to refer to entire network
- 255 is the broadcast address -- used to deliver datagram to every host on network
gateway has different address for each connected network
subnets split network part into smaller pieces
- allows delegation of managing network
- can help overcome hardware differences
- bit mask can be used to define subnet: bit on means use corresponding part of address as network
```
          IP: 192.168.10.20 Subnet mask: 255.255.255.0
          Means: Host 20 on subnet 192.168.10.0
          
```
- alternatively, subnets can use slash notation, with number of bits that are on. The example above's subnet would be:
```
          192.168.10.0/24
          
```
Not all networks are routed; common "private" ones are:
- 10.0.0./8
- 172.16.0.0/12
- 169.254.0.0/16
- 192.168.0.0/16

Displaying host IP address
In a Windows CMD shell:
```
      ipconfig
      
```

Setting static host IP address

In a Windows CMD shell:

      netsh interface ip set address name="Local Area Connection" source=static addr=10.28.250.67 mask=255.255.255.0

Routing or Forwarding
- Host does its own to local and on subnet
- Gateway(s) connected to host allow for internetwork forwarding
- commands
  All of these will provide the same information: a display of the routing table. The last is Windows-specific.
```
        netstat -nr
        route
        route print
        
```
- Default route
  The destination is 0.0.0.0, and the netmask (or genmask) is 0.0.0.0 with the IP address of the default gateway to the rest of the world; i.e., if no explicit route is set, use the default gateway.
  
  Example of setting a default gateway from Windows:
```
        route add 0.0.0.0 mask 0.0.0.0 128.208.250.100
        
```
  The last value is the default gateway's IP address. Or, using netsh:
```
        netsh interface ip set address name="Local Area Connection" gateway=10.28.250.100 gwmetric=0
        
```
Protocols and ports
- UDP or TCP (byte 10)
  To see the recognized protocols:
```
        notepad C:\WINDOWS\system32\drivers\etc\protocol
        
```
- ports (bytes 23..24) identify applications that might be listening on port number
  To see listening ports on Windows:
```
        netstat -an | findstr LISTENING
        
```
- well-known and reserved services use ports 1..1023
  To see some of these service name to port mappings:
```
        notepad C:\WINDOWS\system32\drivers\etc\services
        
```
- ports can be dynamically allocated (source ports)
```
        netstat -an
        
```
Resolving domain names to IP addresses
Construct a table of name to IP mappings ("hosts" file) or consult a domain name service (DNS).
- hosts file
```
        notepad C:\WINDOWS\system32\drivers\etc\hosts
        
```
  - Includes at least:
```
          127.0.0.1    localhost
          
```
  - Must be copied to all hosts whenever new host is added or changed
  - Backup in case DNS is down
- Set up a DNS server address
```
        netsh interface ip set dns name="Local Area Connection" source=static addr=128.95.120.1 register=NONE
        
```
  - Order of search -- use the GUI
    Can do it with wmic and nicconfig alias.
  - Must be done on all hosts whenever DNS server is added or changed
Firewall
Should set one up, but know what you want to do first.
- ports
- program exceptions
- scope
DHCP -- Dynamic Host Control Protocol
Assign ("lease") a predefined IP address from a pool of addresses when some computer ("DHCP client") broadcasts a request for an address to any listening "DHCP Server". The server can also assign DNS servers and gateways.
- when lease expires, address is returned to pool
- when pool is empty or DHCP server cannot be found, non-routed address is used (on Windows XP's subnet 169.254.0.0/16)
- not done on Windows XP, but on Windows Server 2003
- common feature of Unix systems and wireless routers
NAT -- Network Address Translation
Usually used together with DHCP and a private IP address pool to map one of many private addresses to one or a few public addresses, to extend the IP addresses that can be used and protect the private addresses from some external threats.
- not done on Windows XP, but on Windows Server 2003
- common feature of Unix systems and wireless routers and access points

Wired networks: advantages and disadvantages
- + well-known
- + physical security
- + generally clear signal (no/low interference)
- + speed
- - cabling costs
- - physical proximity
- - change in speed may require re-cabling and new switches
- - infrastructure costs (e.g., network closets)

Hands-on Time

Create crossover connection (one wire, one crossover mechanism, two computers)
Set ip address on both computers
- Computer a: Use 10.208.104.m -- m is number of computer and subnet 255.255.0.0
```
      netsh interface ip set address name="Local Area Connection" source=static addr=10.208.104.m mask=255.255.0.0
      
```
- Computer b: Use 10.208.104.n -- n is number of computer and subnet 255.255.0.0
```
      netsh interface ip set address name="Local Area Connection" source=static addr=10.208.104.n mask=255.255.0.0
      
```
- Make sure Windows Firewall is off, and that the Advanced/Network Connection Settings/Settings.../ICMP/Allow incoming echo request checkbox is checked.
- ping from a to b; ping from b to a
- change subnet of b to 255.255.255.0
- again, ping from a to b; ping from b to a
- change subnet of a to 255.255.255.0
check the IP configuration
```
    ipconfig /all
    
```
ping to www.google.com
Create connection to hub (three wires, one hub, two computers, one internet connection)
ping to:
- www.google.com
- computer a from b
- computer b from a
Set up a gateway
- route any addresses that aren't known to the default gateway
```
      route add 0.0.0.0 mask 0.0.0.0 gw 128.208.247.100
      
```
- Check it
```
      route print
      
```
- ping www.google.com
  It won't work because you are using an unroutable IP address.
- Change to using a dynamic IP address using the Control Panel/Network Connections.
  This also might work:
```
      netsh interface ip set dns name="Local Area Connection" source=dynamic
      
```
- ping 128.208.250.2

Set up a DNS server

Set up the server

      netsh interface ip set dns name="Local Area Connection" source=static addr=128.95.120.1 register=NONE

Check it
```
      ipconfig /all
      
```
ping www.google.com

Look at ports

All ports
```
      netstat -an
      
```

All listening ports

      netstat -an | findstr LISTENING

Which program is listening?

      netstat -anob >c:\netstat.out
      notepad c:\netstat.out

The item in the square brackets is the service name.

Cleanup

Clone disk drives
Remove hub and cables