CS70 Network Fundamentals & Architecture

David Morgan
Santa Monica College
see syllabus for email address



Grade information

Reading list, per chapter:
 6th edition
 5th edition

Course outline

SMC dates/deadlines

DETER net testbed
  get/use an account
  news report (pbs)


Textbook's website

RFC lookup

Remote Unix access with ssh

Fundamental Unix Commands

Protocols: non-cyber examples

MAC address assignments
 - listing
 - search

TCP/IP - Intro to the IP Protocols

TCP/IP Pocket
Reference Guide
 - IPv4 version
 - IPv6 version

IP addresses

IP packet delivery

Network calculators:
  here's one
  and another
  and a third

Real world DSL
  - a DSL order

commercial routers

Windows networking
 Practically networked

Linux Network Administrator's Guide

Playing client
with telnet and netcat

Sockets: socket programming

Client/server sample:
 general architecture
 source code:
 - echoserver.c
 - echoclient.c
 executables (fedora15):

Sockets: sample programs
 - letter-upgrader server
 - letter-upgrader's client

 - upper-echoback server
 - client for echo-back server

 - web (file-send) server
 - client for file-send server

nmap: Ethical Hacker article

VPN article







echo (port 7)

discard (port 9)

chargen (port 19)

Slide presentations
(miscellaneous - see
course outline for
mainstream slides)





Access technologies (Chs. 12+16 abridged)

Wires, hubs, switches


dhcpd (address server)

DHCP protocol

Samba (MS fileshare client) 

SMB (MS fileshare) protocol


Networks: miscellaneous essentials

Networks: modems & Point-to-Point Protocol

Networks: firewalls

Narrated slide presentations

internetworks  (33MB)

ping  (16MB)


Section 1729  9:00a - 12:05p Sat Bus 263

This Website (http://homepage.smc.edu/morgan_david/)  will be used extensively to communicate with you. Announcements, grade reports, and assignments will be posted here. Please access the website from any SMC computer lab. Alternatively, it can be viewed from an internet-connected browser anywhere. You are responsible for awareness of the information posted here.

Thank you - for taking the course; I hope it met your needs. I think most of you learned a lot since February. I hope it proves useful in your future personal and professional projects. (6/13)

Other courses I teach - are known to you from the main website front page. There, you can see the class-specific pages from recent semesters for a concrete idea of their exact content (particularly see the course outlines).

CS40 - Operating Systems (3hr credit, next offered Spring 2018)

CS41 - Linux Workstation Administration (3hr credit, next offered Fall 2017)

CS75 - Network Protocols further depth and variety on the topic beyond CS70 (2hr credit, next offering unscheduled)

CS78 - Secure Server Installation & Administration (3hr credit, next offered Summer 2017)
In this class, with cooperation from USC/ISI, we will have accounts on the DETER testbed where we will create remote test networks. 

I also teach related courses at UCLA Extension in linux system administration, linux networking, linux shell scripting, and cyber security. They are more costly than those of community college, but are public and available. (6/13).

Summer cybersecurity class - CS78, I will teach beginning 6/20 in case you are interested. Meets Tuesday/Thursday nights for 8 weeks.
In this class, with cooperation from USC/ISI, we will have accounts on the DETER testbed where we will create remote test networks. (6/3)

Grades - updated. The grades shown today reflect all your work of which I am aware. Please call anomalies to my attention. (6/3)

Final exam date - Saturday, June 10, in our classroom at class time (5/27)

reading - do the remaining reading. (5/27)
watch - this comparing switches vs. hubs.  (12/08)

Firewalls - related to networks and security both, are given dedicated treatment in the security course CS78 not this networking course. The command in linux that implements firewall rules, and hence firewalls (which are collections of rules expressing responses to be taken to packets with certain characteristics), is iptables. The alternative firewall command found in FreeBSD is pf. The logic of all firewalls is the same, and the internal implementation is highly similar (an in-memory data structure, something like a bitmap, applied to packets). The syntax of the command or GUI application that actually does the implementation is where firewalls differ with one another. (If you take CS78 you will do a DETER exercise in which you exercise firewalls, similar to but beyond the cursory use of iptables in your current CS70 internetworking exercise on DETER.) (5/19)

Hello Central, give me 209 - in TCP/UDP client-server terms (diagram below), what is Lightnin' Hopkins? Central? his baby? 209?
Please google: "Hello Central, give me heaven," "Hello Central, give me No Man's Land," A Connecticut Yankee in King Arthur's Court (search it for "hello") 
Among these examples, why does "Hello Central, give me 209" offer the best analogy? (5/19)




Important name service files on linux computers -
 /etc/hosts  gives "mappings" that pair IP addresses with names
 /etc/resolv.conf  tells the system the IP addresses of one or two name servers to use
 /etc/services holds name-to-number mappings for udp and tcp ports (5/19)

Addresses, functions - you know them. Don't get them mixed up.


Sample captures courtesy of wireshark.org - in order to study a protocol in Wireshark you could use that protocol while simultaneously capturing it. Or you can take the captured results of others' activities without having to run the protocol of interest yourself. For example, if the kerberos authentication protocol interests you but you have no account on any kerberos server so can't run it yourself, you can grab krb-816.zip which holds a full trace of kerberos in operation, and open it up in Wireshark for scrutiny. Many such pre-captured protocols are available on the site (above "Sample captures" link). (5/19)

- this exercise on internetworking, which extends the one we did in class. This is to be done on DETER, remotely, using the DETER accounts issued to you.
what to turn in - as the product of this assignment, please make a screenshot of the web page you get at the end of the exercise in the subsection "5. Port forwarding" of the section "Tasks." (This will be the screen on NWworkstation1 that is obtained there when you execute the lynx browser to get content from the web server located on SWworkstation1.) Send the screenshot to me as an email attachment to morgan_david@smc.edu please  - due end-of-day Sunday June 11.

Respond within 72 hours please - to an auto-generated email message from DETER that you should have received at your SMC email address. I created DETER accounts for you. The email message should be self-explanatory and requires a password change within 72 hours. (5/12)

Grades - have been posted, including MAC vs IP, error detection, and the recent test. (5/12)

Summer paid internships with near-term application deadline were called to my attention. Please see this message and this link. The internships appear to be paid and open to those "18-24 years old OR currently enrolled in an LA-area community college." (5/10)

So, what are these guys gonna do different? I told you my experience with satellite internet service, untenable for interactive use. (i.e., way slow). (5/3)

Job fair on campus next Tuesday if you are interested. (5/3)

Midterm exam reading - test will be May 6. Please see the "Readling list, per chapter" link, above left, which indicates which chapters' material will be covered by the exam. (4/29)

Who are IANA? Where are they? What is their job?

IPv6 - will be covered in CS75 Network Protocols when next offered.

Some IPv6 resources -
Deep Space 6
Linux IPv6 HOWTO
IPv6 at Microsoft
World IPv6 Day (June 2011)

Appreciate the degree of address space expansion implied by going to IPv6. IPv4 offers an address space of 4 billion. Going from 32-bit to 64-bit addresses, how many times more addresses would we get? 4 billion times more. Now we have 4 billion, then we'd have 4 billion times as many as we do now. If instead we went from 32-bit to 128-bit addresses we'd further raise the ante by a factor of 4 billion, twice. As below, showing how many addresses there are in the address spaces of IPv4 vs IPv6.

IPv4:  4 x 109 addresses

IPv6:  (4 x 109) x ( 4 x 109) x (4 x 109) x ( 4 x 109) = 256 x 1036 addresses

It is said that where we have billions now we'll have trillions then. That's true, but it is the understatement of the year. Maybe whoever said that meant to say we'd have trillions times more. Also true, also massive understatement. We'll have 1027 times more addresses. That's many trillions of  trillions more than what we have now. Which is, already, billions. If the world population were 10 billion (it's 7 billion now and growing), then we have less than one address per person in IPv4. In IPv6 we have several trillion trillion, per person. (4/29)

TCP (and UDP) Ports you should know
Q: where do the "well-known port" numbers come from?
A: IANA (Internet Assigned Numbers Authority) 

Q: what are the well-known port assignments?
A: the list is long (cf., /etc/services on any linux box or equivalent C:\WINDOWS\system32\drivers\etc\services on XP)
note: udp and tcp ports are separate/independent; udp port 53 is not tcp port 53

Q: which ones should we know for this class?
A: 21, 22, 23, 25, 53(udp), 80, 110, 123 (look up what service each belongs to, above)

Various services and the server programs and protocols they use.

Service Server Linux executable Protocol used
name BIND /usr/sbin/named dns
web APACHE /usr/sbin/httpd http
MS sharing SAMBA /usr/sbin/smbd smb
address DHCP /usr/sbin/dhcpd dhcp
socket demo CHOMPER /opt/socketdemo/byteme none
letter upgrade letter upgrade server4 none, really


Grades - have been posted, including IP transmission exercise (Sally and Harry) but not yet mac/ip at the link entitled "Grade information" at left. (4/29)

Homework - 
do - "error detection," course outline section 9 Homework column. due on sputnik end-of-day Saturday 4/29 (4/22)

Electronic Frontier Foundation's HTTPS-Everywhere plug-in for Firefox and Chrome is one measure that can render arp spoofing in, for example, a coffee shop unuseful for the spoofer/eavesdropper. FYI. (4/22)

DETER accounts were or will shortly be created for you. You get an auto-generated email from DETER giving information and instructions. (4/22)

FYI - bachelor's degree from SMC
In a new program several community college districts in California will begin offering bachelor's degrees. Each one offers a degree in one specific field of study. At SMC that fiels will be "interaction design." Studies toward the degree begin this Fall semester. (4/19)

In-class exercise to build an internetwork - will occupy the entire 3 hours, no lecture. Probably performed upon return from spring break, on April 22. (4/8)

Spring break - coming up. There will be no class meeting April 15. (4/8)

Grades - have been posted, including "partition a subnet" at the link entitled "Grade information" at left. (4/8)

arp and ping network trace file arpandping.zip can be obtained via scp/sftp from the public account's home directory on sputnik (you know its password). It contains the trace/capture of last week's hands-on class activity. You can open it in Wireshark and study it if you wish. (4/1)

Midterm exam reading - there will be a midterm. Please see the "Readling list, per chapter" link, above left, which indicates which chapters' material will be covered by the exam. Continue reading with the aim of reading all those chapters by the midterm date, upcoming. (4/1)

Homework - 
do - "MAC vs IP addresses," course outline section 7 Homework column. due on sputnik end-of-day Sunday 4/23
do - "IP packet delivery," course outline section 7 Homework column. due on paper in class Saturday 4/22
The two assignments focus on the same understanding. (4/1)

Grades - posted at link entitled "Grade information" at left. (3/25)

Golden rules for deciding how to ship a packet (Fore Systems "IP packet delivery"):

We reviewed the concept behind the "IP packet delivery": if IP thinks a destination IP address is local it arps for that IP address, if not it arps for the IP address of its default router (which comes from the routing table). Everything hinges on what "local" means. That is a function of the given destination address, the local address, and the local netmask. Network calculators and/or the linux "ipcalc" command can help you recreate IP's "thinking process" in this regard for particular subnets, addresses, and netmasks.

A related description of the thinking process comes from our textbook, Computer Networks and Internets, Douglas Comer (see p. 368 fifth edition). (3/25)

Homework - 
do - "subnet partitioning," course outline section 7 Homework column. Turn in on paper in class April 1 (3/25)

Double match?? - what would happen if an IP packet's destination address matched two entries in the routing table. To which of the two interfaces would it be sent? Is this even possible? (3/18)

Network Address  +  Netmask  =  Subnet
It's useful to think of a network (a.k.a. subnet) as being defined by a position, and an extent measured from that position, on the continuum of IP addresses represented as a number line. A network is definitively identified by a 2-component ID. The first is its network address and the second is its netmask. 

It is the network address that establishes the position or starting point of the address range or block that is the network. And it is the netmask that establishes its extent or size. As an example consider a network whose network address is and whose netmask is (the one that signifies "thirty-two" as size). The number line below is a microscopic segment of the number line for the whole internet. That number line is 4 billion addresses in length (because with 32 bits 4 billion is the number of distinct address values that can be composed). Here, with the first 24 bits of our address (64.52.25) we are narrowing in on a particular little 256-address segment within that number line. Within the segment, the network address further positions us with final precision. This idea of sectioning off the 4 billion addresses into separately addressable subordinate pieces is called subnetting, and the resulting pieces or address groups are called subnets.


Homework - 
see/do - the homework column of course outline, section 5 ("netmask legality"). due on sputnik in the "assignments" subdirectory of your home directory end-of-day Wednesday March 22
read, specifically -
the write-up at the link entitled "Masks, routing, and subnets" in course outline section 7 and the reading material in section 5, which includes coverage about upcoming topic arp
read, generally - readings shown in the course outline and link entitled "Reading list, per chapter." The latter is what I want you to read, from the textbook, for the whole course. Read forward to succeeding sections to prepare for upcoming topics. I will not further specify which items to read when. Read them all, for the entire course, in concert with in-class coverage as we proceed. By now or very soon you should have done the readings for sections 1-5 in the course outline. At that point, keep going week by week.

Routing - important formulations of the "route" command
Three kinds of routes can appear in a routing table: host route for a specified individual machine, network route for a specified grouping of them, default route as catch-all for everything (unspecified) else. Here are the four key linux command formulations by which you add such routes to a routing table. Though there are 3 kinds of routes, note that 4 command formulations appear. We mentioned the concept of gateways (machines other than the destination, to which you would send the destination's packets for forwarding).  That accounts for there being 2 network route formulations below. One is for the case where the routed-to network is the one you yourself are plugged into, the other for the case where that network is "foreign" or "elsewhere" to you.

Add route to a machine (host route):
  route add –host eth0 
Add route to a group of machines (network route - local) 
  route add –net netmask eth0 
Add route to a group of machines (network route - gatewayed) 
  route add –net netmask gw 
Add route to “any and all” (default route) 
  route add default gw

Study these commands intently and try to internalize the semantic meaning they embody. (3/10)

Windows route command - differs in syntax and scope somewhat from the linux command of the same name. But it is kindred in spirit and operates on the very same internet protocol (though not the same coded implementation of it). The internet protocol is defined outside Microsoft and outside linux. Both Microsoft and linux programmers  have taken their hand to writing programs that do what the protocol defines. Including a "route" command to manipulate the protocol's route table. In Windows, open a command box and execute "route print" if you wish to see the route table. (3/10)

Network size for common netmasks:

Netmask: # of one bits: # of zero bits: Implied network size:  24 8 256 (254) 25 7 128 (126) 26 6 64 (62) 27 5 32 (30) 28 4 16 (14) 29 3 8 (6) 30 2 4 (2)


Lego project - make a router for your toy trains. (3/10)

Wireshark, protocols, and people
--how many protocols does it support? - Apparently the number of protocols supported has reached about 2000.
--who pays these open-source people, anyway? - in most cases nobody. Open source is a labor of love and mostly programmers don't get paid. As for who they are in the case of Wireshark, a list of "contributors" appears at the bottom of the Wireshark man page (that means "manual" page, the traditional form of unix/linux documentation-- give the command "man wireshark" on a linux computer to see it). To my surprise it lists about 850 people. (3/10)

Grades - posted at link entitled "Grade information" at left. (3/10)

Packet capture files for you from the "wireshark" in-class exercise
I performed the exercise while running Wireshark and saved the traffic into capture files. You can open my files in Wireshark, to replay and analyze what I did.

The IP addresses of the machines I used were and Those are reflected in the captures. Get the files (unzip) then open them in Wireshark. You can then ponder the questions the exercise asks and use the captures to help you understand. The files are:
 for section 4:  echo-udp.cap  echo-tcp.cap
 for section 7:  login-telnet.cap  login-ssh.cap
 for section 8:  http.cap 

Satisfy yourself you have a pretty good idea what you are looking at. In particular, compare the header structures you see in the captured frames with the ones mapped out in the TCP/IP Pocket Reference Guide. And, practice using Wireshark's "Follow TCP stream" feature, found by right-clicking on packets in the packet list pane. It will starkly and unmistakably extract the password used in the telnet login session. And it will reveal the content of the web page obtained in the http browse session. There is nothing to turn in.  (3/4)

Grades - posted at link entitled "Grade information" at left. (3/4)

Homework - 
do the reading shown in the "Homework" columns of the course outline's topic 1 through 5, at your own pace as we cover these topics in class. All of this material is now current so please read it. Listen to the Bob Metcalfe youtube video, course outline section 4. (3/4).

What other data link protocols besides ethernet are out there? You might instead have
  point-to-point protocol ("dial up")
  frame relay
  asynchronous transfer mode (ATM)
  802.11 ("wi-fi") in part (3/4)

What's the difference?
ARPANet, Leonard Kleinrock's network (now, the Internet), used dedicated connections between computer nodes. He made a phone call to Stanford from UCLA. The wire employed belonged to the phone company. The wire was not used by any other nodes, during the phone call. It was not shared. It was dedicated. Nodes that used it owned it and did not have to compete for it with any other nodes.
ALOHAnet, Norm Abrahamson's satellite based network among islands in Hawaii, used a satellite that could service only one connection at a time, and that all participating computer nodes had to use. So necessarily, nodes had to share it. It was non-dedicated. Nodes that used it did not own it and had to compete for it with all other nodes.
Ethernet was derived from ALOHAnet, and relied on a shared medium too. But while the ALOHAnet medium was radio to the satellite, the ethernet medium was a copper wire. (3/4)

Homework - 
see/do - the homework column of course outline, section 4 ("ethernet frames"). due on sputnik in the "assignments" subdirectory of your home directory end-of-day Sunday 3/5 Tuesday 3/7 
read - readings shown in the course outline through section 4; also read forward to succeeding sections as you have time, to prepare for upcoming topics.
listen - to Bob Metcalfe talk about inventing ethernet.

RFC process - how protocols get created. Here is a current example, HTTP 2 which was published as an RFC in May, 2015. See in particular the development timeline that has led it to this point. (2/25)

Screenshot of Microsoft Network Monitor courtesy of a former student. Compare the interface with Wireshark's.


Course outline - with approximate weekly topic coverage corresponded to related readings, homework assignments, and in-class slides I will use.

Homework - 
do the reading and homework shown in the "Reading" and "Homework" columns of the course outline's topic #1.

Cover art on Tannenbaum textbook:

What is it??

"Number please?" asks the switchboard operator. The switchboard is a board. It's for switching. Switching changes a circuit between you and somebody. It can complete a circuit to your Aunt Bheulah in Iowa City so you can thank her for the knit socks. After you hang up if you want to call your uncle in Waco you'll need to switch circuits, to get a circuit to him instead of her. That's what the operator does for you. The "switch"ing in "switch"board is circuit switching. Nowadays in computer networks it's not circuit switching anymore, it's packet switching.


Functional layering - the famous "Open Systems Interconnect" model is depicted below. Somebody once had the idea that maybe there could be a way to get independent computer systems of different types to be able to exchange information with one another. The diagram blueprints the idea for "how in the world are we going to make that work??" That idea is the subject of this course.

First-day administrative information you will need to know:

Procedures for using class laptops

A Remote Unix system account will be created for you.

Distributing files from sputnik to the class as a whole,  publicly - the above file transfer discussion describes file movement to and from your own home directory, exclusive to you. Sometimes I will want to have someplace to put a file so everybody can get to it and download it. When I do that, here's how to download them.

Using ssh (secure shell). ssh is an important tool you will use for interacting with remote computers. For that you will need an ssh client. There are a number of ssh client alternatives.

Running linux at home.

Slides available online - for most if not all slides I will show in class. Links to them can be found in the "Slides" column of the course outline.

Course-long textbook reading - a chapter-by-chapter list ( 6th edition, 5th edition ). The textbook is divided into chapters and they in turn into numbered sections. The list tells you which sections to read for this course when chapters are assigned. For example if I assigned chapter 10 and it had 17 sections, if this list specifies "10.1-100.5, 10.7, 10.12-17" it means I didn't feel sections 10.6 nor 10.8-11 were relevant enough so I only list the balance of the chapter. Read unlisted portions for your own interest if you wish, but the listed sections are what's officially assigned to you.

Textbook - Computer Networks and Internets, sixth edition, Douglas Comer, Pearson Prentice Hall , 2015.

Wireshark - is an excellent free packet capture utility. What is a packet, and why caputre it? We'll talk about that later. I will ask you to install and use Wireshark later in the semester, assuming you have a linux or windows computer available on which to do so. Please visit Wireshark's home page.

Opportunity - I'm happy to tell you that as a class we have the fortunate invitation to use a network testbed facility operated by USC/ISI called DETER. I will request individual DETER accounts for you; when they are created you will get an email message with info and credentials. In class I will describe DETER and how we will use it. This will come some weeks into the semester. In the meantime, you can explore the links under the heading "DETER net testbed" at left if you like.


"What hath God wrought?"
May 24, 1844

"Mr. Watson come here, I want to see you."
March 10, 1876

October 29, 1969