Section 1721 9:00a - 12:05p Sat Bus 263
This website will be used extensively to communicate with you.
Announcements, grade reports, and assignments will be posted here.
Please access the website from any SMC computer lab. Alternatively,
it can be viewed from an internet-connected browser anywhere. You
are responsible for being aware of the information posted here.
TCP (and UDP) Ports you should know
Q: where do the "well-known port" numbers come from?
A: the Internet Assigned Numbers Authority (IANA)
Q: what are the well-known port assignments?
A: the list
is long (cf. /etc/services on any linux box, or the equivalent C:\WINDOWS\system32\drivers\etc\services on Windows)
note: udp and tcp ports are separate/independent; udp port 53 is not tcp port 53
Q: which ones should we know for this class?
A: 21, 22, 23, 25, 53(udp), 80, 110, 123 (look up what service each
belongs to, above)
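As an added example (not part of the course page), here is a small parser for the /etc/services format just mentioned, run over a constructed, abridged excerpt, which resolves the class's port list and shows that a udp entry and a tcp entry for the same number are independent:

```python
# Added example: parse the /etc/services format and look up the class's ports.
# Each non-comment line is:  name  port/protocol  [alias ...]  [# comment]

# Constructed, abridged excerpt in /etc/services format (sample input, not a real file).
SAMPLE_SERVICES = """\
# Network services, Internet style (constructed sample)
ftp         21/tcp
ssh         22/tcp
telnet      23/tcp
smtp        25/tcp      mail
domain      53/tcp                  # Domain Name Server
domain      53/udp
http        80/tcp      www         # WorldWideWeb HTTP
pop3        110/tcp     pop-3
ntp         123/udp                 # Network Time Protocol
"""

def parse_services(text):
    """Return {(port, proto): (name, [aliases])}; tcp and udp keys are separate."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        name, port_proto, aliases = fields[0], fields[1], fields[2:]
        port, proto = port_proto.split("/", 1)
        table[(int(port), proto.lower())] = (name, aliases)
    return table

def service_name(table, port, proto):
    """Name registered for port on the given transport, or None (udp 53 is not tcp 53)."""
    entry = table.get((port, proto.lower()))
    return entry[0] if entry else None

# The ports the class should know, with the transport each belongs to.
CLASS_PORTS = [(21, "tcp"), (22, "tcp"), (23, "tcp"), (25, "tcp"),
               (53, "udp"), (80, "tcp"), (110, "tcp"), (123, "udp")]

def class_port_names(table=None):
    """Map 'port/proto' to its service name using the parsed table."""
    table = table or parse_services(SAMPLE_SERVICES)
    return {f"{port}/{proto}": service_name(table, port, proto)
            for port, proto in CLASS_PORTS}

if __name__ == "__main__":
    for key, name in class_port_names().items():
        print(key, name)
```

To run it against the real file, pass `open("/etc/services").read()` to `parse_services` instead of the sample.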
Various services and the
server programs and protocols they use.
IPv6 - will be covered in CS75 Network Protocols
when next offered.
Some IPv6 resources
Deep Space 6
World IPv6 Day (June 2011)
Consider the degree of address space expansion implied by going to
IPv6. IPv4 offers an address space of 4 billion. Going from 32-bit
to 64-bit addresses, how many times more addresses would we get? 4
billion times more: we have 4 billion now, so then we'd have 4 billion
times as many as we do now. If instead we went from 32-bit to
128-bit addresses we'd raise the ante by a further factor of 4
billion, twice. Below is how many addresses there are in
the address spaces of IPv4 vs IPv6.
IPv4: 4 x 10^9 addresses
IPv6: (4 x 10^9) x (4 x 10^9) x (4 x 10^9) x (4 x 10^9) = 256 x 10^36 addresses
It is said that where we have
billions now we'll have trillions then. That's true, but it is the
understatement of the year. Maybe whoever said that meant to say
we'd have trillions times more. Also true, also massive
understatement. We'll have 10^27 times more addresses.
That's many trillions of trillions more than what we have now.
Which is, already, billions. If the world population were 10 billion
(it's 7 billion now and growing), then we have less than one address
per person in IPv4. In IPv6 we have several trillion trillion, per
reading - do the remaining reading.
do - the activities in course outline section 12 about ping,
listen - to the narrated version of the slides about netstat,
course outline section 12 slides column
watch - this comparing switches
vs. hubs. (5/11)
Grades - updated, include test. (5/11)
Firewalls - related to
networks and security both, are given dedicated treatment in the
security course CS78, not this networking course. The command in
linux that implements firewall rules, and hence firewalls (which are
collections of rules expressing responses to be taken to packets
with certain characteristics), is iptables. The alternative firewall
command found in FreeBSD
is pf. The
logic of all firewalls is the same, and the internal implementation is highly
similar (an in-memory data structure, something like a bitmap, applied to packets). The syntax of the command or GUI application that actually does
the implementation is where firewalls differ from one another. (If
you take CS78 you will do a DETER exercise in which you exercise
firewalls, similar to but beyond the cursory use of iptables in your current
CS70 internetworking exercise on DETER.) (5/11)
give me 209 - in TCP/UDP client-server terms (diagram
below), what is Lightnin' Hopkins?
Central? his baby? 209?
Please google: "Hello Central, give me heaven," "Hello
Central, give me No Man's Land," A Connecticut Yankee in
King Arthur's Court (search it for "hello")
Among these examples, why does "Hello Central, give me
209" offer the best analogy? (5/11)
Important name service files on linux
/etc/hosts gives "mappings" that pair IP
addresses with names
/etc/resolv.conf tells the system the IP addresses of
one or two name servers to use
/etc/services holds name-to-number mappings for udp and tcp services (ports)
Addresses, functions - you
know them. Don't get them mixed up.
captures courtesy of wireshark.org - in order to
study a protocol in Wireshark you could use that protocol while
simultaneously capturing it. Or you can take the captured results of
others' activities without having to run the protocol of interest
yourself. For example, if the kerberos authentication protocol
interests you but you have no account on any kerberos server so
can't run it yourself, you can grab krb-816.zip which holds a full
trace of kerberos in operation, and open it up in Wireshark for
scrutiny. Many such pre-captured protocols are available on the site
(above "Sample captures" link). (5/5)
Grades - are up-to-date. They include error detection
assignment. They also include points for participation in the 3-hour
lab 2 weeks ago. Please call any anomalies to my attention. (5/4)
exam - test will be May 5. Please see the
"Reading list, per chapter" link, above left, which indicates
which chapters' material will be covered by the exam. Please bring a
Scantron form 882 (green). (4/27)
do - "error detection," course outline section 9 Homework column. due on sputnik end-of-day
Wednesday, May 2 (4/27)
do - this exercise
on internetworking, which extends the one we did in class. This is to be done on DETER, remotely, using
the DETER accounts issued to you.
what to turn in - as the product of this assignment, please
make a screenshot of the web page you get at the end of the exercise
in the subsection "5. Port forwarding" of the section
"Tasks." (This will be the screen on NWworkstation1 that
is obtained there when you execute the lynx browser to get content
from the web server located on SWworkstation1.) Send the screenshot
to me as an email attachment to email@example.com
please - due end-of-day Tuesday,
June 12. This is after our last class meeting and
final exam, the last official day of Spring, meaning you can do it
any time during the remainder of the semester. Do it early, so that
you can ask for help if you need it.
Respond within 72 hours please
- to an auto-generated email message from DETER that you will
receive at your SMC email
address when I create DETER accounts for
you. The email message should be self-explanatory and requires a
password change within 72 hours. (4/27)
accounts were or will shortly be created for you. You get
an auto-generated email from
DETER giving information and instructions. (4/28)
Who are IANA? Where
are they? What is their job?
exam reading - there will be a midterm. Please see the
"Reading list, per chapter" link, above left, which indicates
which chapters' material will be covered by the exam. Continue
reading with the aim of reading all those chapters by the midterm.
Tentatively, we will cover error detection next week and hold the
exam the following week on May 5. (4/21)
Frontier Foundation's HTTPS-Everywhere
plug-in for Firefox and Chrome is one measure that can
render arp spoofing in, for example, a coffee shop useless to the
spoofer/eavesdropper. FYI. (4/21)
In-class exercise to build
an internetwork - will occupy the entire 3 hours, no
lecture. Will be performed at our next meeting Saturday April 21.
Spring break - coming up.
There will be no class meeting April 14. (4/7)
arp and ping network trace file arpandping.zip
contains the trace/capture of our hands-on
class activity. You can open it in Wireshark and study it. (4/1)
do - "MAC vs IP addresses," course outline section 7
Homework column. due on sputnik
end-of-day Thursday 4/19
do - "IP packet delivery," course outline section 7
Homework column. due on paper in
class at next meeting Saturday 4/21
The two assignments focus on the same understanding.
Play with network calculators on the internet, try to understand what they
offer to calculate for us. There are links to 3 such calculators, below
left, under the title "Network calculators." (4/6)
Golden rules for deciding how to ship a packet
Systems "IP packet delivery"):
We reviewed the concept behind the "IP packet delivery": if
IP thinks a destination IP address is local it arps for that IP address,
if not it arps for the IP address of its default router (which comes from
the routing table). Everything hinges on what "local" means.
That is a function of the given destination address, the local address,
and the local netmask. Network calculators and/or the linux "ipcalc"
command can help you recreate IP's "thinking process" in this
regard for particular subnets, addresses, and netmasks.
The description of the thinking process comes from our textbook, Computer Networks and
Internets, Douglas Comer (see p. 368, fifth edition). (3/31)
Grades - have been updated at link
entitled "Grade information" at left. (3/28)
do - "subnet partitioning," course outline section
7 Homework column. Turn in on paper in
class March 31 (3/24)
Grades - have been posted at link
entitled "Grade information" at left. (3/24)
Double match?? - what would
happen if an IP packet's destination address matched two
entries in the routing table. To which of the two interfaces would
it be sent? Is this even possible? (3/24)
Network Address + Netmask
It's useful to think of a network (a.k.a. subnet) as being defined by a position,
and an extent measured from that position, on the continuum of IP
addresses represented as a number line. A network is definitively identified by
a 2-component ID. The first is its network address and the second is
its netmask. It is the network address that establishes the position or starting point
of the address range or block that is the network, and it is the netmask that establishes its extent
or size. As an example consider a network whose network address is 184.108.40.206 and
whose netmask is
255.255.255.224 (the one that signifies "thirty-two" as size). The number line below
is a microscopic segment of the number line for the whole internet. That number
line is 4 billion addresses in length (because with 32 bits 4 billion is the
number of distinct address values that can be composed). Here, with the first 24
bits of our address (64.52.25) we are narrowing in
on a particular little 256-address segment within that number line. Within the
segment, the network address further positions us with final precision. This
idea of sectioning off the 4 billion addresses into separately addressable
subordinate pieces is called subnetting, and the resulting pieces or address
groups are called subnets.
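To make the "position + extent" idea concrete, here is an added example (not from the course page) that computes, from any address and a netmask, where the containing block starts on the number line and how big it is, and that also performs the "netmask legality" check (a legal mask is a run of one bits followed by a run of zero bits). The address 192.168.4.77 used in it is a constructed sample.

```python
# Added example: a subnet as position (network address) plus extent (size).

def ip_to_int(dotted):
    """Convert dotted-decimal notation to the 32-bit integer it stands for."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a valid IPv4 dotted quad: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n):
    """Inverse of ip_to_int."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def netmask_is_legal(mask):
    """A legal netmask is some number of one bits followed only by zero bits."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    # The only 32-bit value with exactly `ones` leading ones and nothing else set:
    return m == ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF)

def describe_network(address, mask):
    """Position (network address) and extent (size) of the subnet containing address."""
    if not netmask_is_legal(mask):
        raise ValueError(f"illegal netmask {mask}")
    a, m = ip_to_int(address), ip_to_int(mask)
    one_bits = bin(m).count("1")
    zero_bits = 32 - one_bits
    start = a & m                     # position on the number line
    size = 1 << zero_bits             # extent: 2 ** (number of zero bits)
    return {
        "network": int_to_ip(start),
        "last": int_to_ip(start + size - 1),
        "one_bits": one_bits,
        "zero_bits": zero_bits,
        "size": size,
    }

if __name__ == "__main__":
    # Constructed sample input: an address inside a 32-address block (mask .224).
    print(describe_network("192.168.4.77", "255.255.255.224"))
    print("255.255.0.255 legal?", netmask_is_legal("255.255.0.255"))
```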
It's true! - I knew the Chicago River flows backwards, but
learned from you today it's
see/do - the homework column of course
outline, section 5 ("netmask legality"). due on sputnik
in the "assignments" subdirectory of your home directory end-of-day
Wednesday March 28
read, specifically - the write-up at the link entitled
"Masks, routing, and subnets" in course outline section 7
and the reading material in section 5, which includes coverage about
upcoming topic arp
view - videos in course outline section 4 homework column
read, generally - readings shown in the course outline and link entitled
"Reading list, per chapter." The latter is what I want you
to read, from the textbook, for the whole course. Read
forward to succeeding sections to prepare for upcoming topics. I
will not further specify which items to read when. Read them all,
for the entire course, in concert with in-class coverage as we
By now or very soon you should have done the readings for sections
1-5 in the course outline. At that point, keep going week by week.
Routing - important formulations of
the "route" command
Three kinds of routes can appear in a routing table: host route for a
specified individual machine, network route for a specified grouping
of them, default route as catch-all for everything (unspecified)
else. Here are the four key linux command formulations by which you
add such routes to a routing table. Though there are 3 kinds of
routes, note that 4 command formulations appear. We mentioned
the concept of gateways (machines other than the destination, to
which you would send the destination's packets for forwarding). That
accounts for there being 2 network route formulations below. One is
for the case where the routed-to network is the one you yourself are
plugged into, the other for the case where that network is
"foreign" or "elsewhere" to you.
Add route to a machine (host route):
route add -host 192.168.4.2 eth0
Add route to a group of machines (network route -
route add -net 192.168.4.0 netmask 255.255.255.0 eth0
Add route to a group of machines (network route - gatewayed):
route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.4.1
Add route to "any and all" (default route):
route add default gw 192.168.4.1
Study these commands intently and try to internalize the semantic meaning they embody.
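The following is an added example (not from the course page or the route command itself): it loads the four routes above into a small routing table in Python and applies the golden rule for shipping a packet, so you can see for a given destination which entry is chosen and whose address IP would arp for. It also shows what happens on a "double match" such as the host route 192.168.4.2 sitting inside the network route 192.168.4.0/24: the most specific entry (longest prefix) wins, which is the rule the Linux kernel applies. The address 203.0.113.5 is a constructed "elsewhere" destination.

```python
# Added example: the four "route add" formulations as a routing table, plus the
# golden rule (arp for the destination if local, else arp for the gateway).
import ipaddress

# Same routes as the four commands above: (destination, gateway or None, interface)
ROUTES = [
    ("192.168.4.2/32", None, "eth0"),           # route add -host 192.168.4.2 eth0
    ("192.168.4.0/24", None, "eth0"),           # route add -net 192.168.4.0 netmask 255.255.255.0 eth0
    ("192.168.5.0/24", "192.168.4.1", "eth0"),  # route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.4.1
    ("0.0.0.0/0", "192.168.4.1", "eth0"),       # route add default gw 192.168.4.1
]

def is_local(dest, local_addr, netmask):
    """The 'local' test: does dest fall in the subnet given by my address and netmask?"""
    my_net = ipaddress.ip_network(f"{local_addr}/{netmask}", strict=False)
    return ipaddress.ip_address(dest) in my_net

def lookup(dest, routes=ROUTES):
    """Return the matching (network, gateway, iface), or None if no entry matches.
    If several entries match (a 'double match', e.g. a host route inside a
    network route), the most specific one, i.e. the longest prefix, wins."""
    d = ipaddress.ip_address(dest)
    best = None
    for target, gw, iface in routes:
        net = ipaddress.ip_network(target)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best

def next_hop(dest, routes=ROUTES):
    """Golden rule: arp for the destination itself when the chosen route is direct
    (host route, or the network I'm plugged into), otherwise arp for the gateway."""
    match = lookup(dest, routes)
    if match is None:
        return None                   # no route to host
    net, gw, iface = match
    return {"route": str(net), "arp_for": dest if gw is None else gw, "iface": iface}

if __name__ == "__main__":
    # 203.0.113.5 is a constructed "elsewhere" address (documentation range).
    for dest in ("192.168.4.2", "192.168.4.77", "192.168.5.9", "203.0.113.5"):
        print(dest, "->", next_hop(dest))
```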
route command - differs in syntax and scope somewhat from
the linux command of the same name. But it is kindred in spirit and
operates on the very same internet protocol (though not the same
coded implementation of it). The internet protocol is defined
outside Microsoft and outside linux. Both Microsoft and linux
programmers have taken their hand to writing programs that do
what the protocol defines, including a "route" command to
manipulate the protocol's route table. In Windows, open a command
box and execute "route print" if you wish to see the route
Network size for common netmasks (table columns: # of one bits, # of zero bits, implied network size):
Lego project - make a router
for your toy trains. (3/17)
Installing fiber - there's a
Certificate for that! Amateurs
need not apply. I received this publisher promotion by email.
Where is optical data fiber found? - along rail, utility,
and road rights-of-way,
and underwater. (3/10)
Who owns the fiber? Companies
like Level 3. They rent
rights-of-way from the right-of-way owners. Level 3 (acquired by
Century Link in 2017) has built an
wide network. A downtown L.A.
datacenter allows you to co-locate your equipment where it can
tap directly into their channels for faster and greater capacity
data traffic than could be achieved at other endpoint locations in
the city. (3/10)
Undersea cabling - former
student Philip Postovoit did the service of researching cabling quite
thoroughly. Of the many links
about it he sent me, I found particularly interesting:
submarine cable map
(click individual cables)
shipboard loading, seabed laying youtube video
Haut débit en eau profonde
"Contrary to conventional wisdom, satellites play a minimal role in the operation of the internet. Nearly 99% of international phone and data traffic goes through [submarine
cables] like ours." Patricia Boulanger, Alcatel Submarine Networks
transatlantic data cable by Microsoft/Facebook/Telexius
Homework - see "Homework" posting below dated 2/14. It's now current.
Wireshark, protocols, and people
--how many protocols does it support? - Apparently the number
of protocols supported has reached about 2000.
--who pays these open-source people, anyway? - in most
cases nobody. Open source is a labor of love and mostly programmers
don't get paid. As for who they are in the case of Wireshark, a list
of "contributors" appears at the bottom of the Wireshark
man page (that means "manual" page, the traditional form
of unix/linux documentation-- give the command "man wireshark"
on a linux computer to see it). To my surprise it lists about 850
Packet capture files for you from the "wireshark"
I performed the exercise while running Wireshark and saved the
traffic into capture files. You can open my files in Wireshark, to
replay and analyze what I did.
The IP addresses of the machines I used were 192.168.1.10 and 192.168.1.12.
Those are reflected in the captures. Get
the files (unzip) then open them in Wireshark. You can then ponder the questions the exercise asks and use the captures to help
you understand. The files are:
for section 4: echo-udp.cap echo-tcp.cap
for section 7: login-telnet.cap login-ssh.cap
for section 8: http.cap
Satisfy yourself you have a pretty good idea what you
are looking at. In particular, compare the header structures you see
in the captured frames with the ones mapped out in the TCP/IP Pocket
Reference Guide. And, practice using Wireshark's "Follow TCP
stream" feature, found by right-clicking on packets in the
packet list pane. It will starkly and unmistakably extract the
password used in the telnet login session. And it will reveal the
content of the web page obtained in the http browse session. There is nothing to turn in.
What other data link protocols
besides ethernet are out there? You might instead have
protocol ("dial up")
transfer mode (ATM)
802.11 ("wi-fi") in
What's the difference?
ARPANet, Leonard Kleinrock's network (now, the Internet),
used dedicated connections between computer nodes. He made a phone
call to Stanford from UCLA. The wire employed belonged to the phone
company. The wire was not used by any other nodes, during the phone
call. It was not shared. It was dedicated. Nodes that used it owned
it and did not have to compete for it with any other nodes.
ALOHAnet, Norm Abramson's satellite-based network among
islands in Hawaii, used a satellite that could service only one
connection at a time, and that all participating computer nodes
had to use. So necessarily, nodes had to share it. It was
non-dedicated. Nodes that used it did not own it and had to compete
for it with all other nodes.
Ethernet was derived from ALOHAnet, and relied on a shared
medium too. But while the ALOHAnet medium was radio to the satellite, the ethernet medium was
a copper wire. (3/2)
see/do - the homework column of course
outline, section 4 ("ethernet frames"). due on sputnik
in the "assignments" subdirectory of your home directory end-of-day
read - readings shown in the course outline through section
4; also read
forward to succeeding sections as you have time, to prepare for upcoming topics.
listen - to Bob Metcalfe talk about inventing
RFC process -
how protocols get created. Here is a
current example, HTTP
2 which was published as an RFC in May, 2015. See in particular the
timeline that has led it to this point. (2/24)
of Microsoft Network Monitor courtesy of a former
student. Compare the interface with Wireshark's.
Course outline -
with approximate weekly topic coverage corresponded to related
readings, homework assignments, and in-class slides I will use.
do the reading and homework shown in the "Reading" and
"Homework" columns of the course outline's topic #1.
Cover art on Tanenbaum textbook:
What is it??
asks the switchboard operator. The switchboard is a board. It's for
switching. Switching changes a circuit between you and somebody. It can
complete a circuit to your Aunt Bheulah in Iowa City so you can
thank her for the knit socks. After you hang up if you want to call
your uncle in Waco you'll need to switch circuits, to get a circuit
to him instead of her. That's what the operator does for you. The
"switch"ing in "switch"board is circuit
switching. Nowadays in computer networks it's not circuit switching
anymore, it's packet switching.
Functional layering - the famous "Open Systems
Interconnect" model is depicted below. Somebody once had the
idea that maybe there could be a way to get independent computer
systems of different types to be able to exchange information with
one another. The diagram blueprints the idea for "how in the
world are we going to make that work??" That idea is the
subject of this course.
First-day administrative information you will
need to know:
- explaining use of class computers.
A Remote Unix system
will be created for you.
Distributing files from sputnik to the class as a whole,
publicly - the above file transfer discussion describes file movement
to and from your own home directory, exclusive to you. Sometimes I will
want to have someplace to put a file so everybody can get to it and
download it. When I do that, here's
how to download them.
Using ssh (secure shell). ssh is an important tool you will use
for interacting with remote computers. For that you will need an ssh
client. There are a number of ssh
Running linux at home.
Slides available online - for
most if not all slides I will show in class. Links to them can be
found in the "Slides" column of the course outline.
Course-long textbook reading -
a chapter-by-chapter list ( 6th edition,
5th edition ). The textbook is divided into chapters and they in turn into numbered
sections. The list tells you which sections to read for this
course when chapters are assigned. For example if I assigned chapter
10 and it had 17 sections, if this list specifies "10.1-10.5,
10.7, 10.12-17" it means I didn't feel sections 10.6 nor
10.8-11 were relevant enough so I only list the balance of the
chapter. Read unlisted portions for your own interest if you wish,
but the listed sections are what's officially assigned to you.
Textbook - Computer
Networks and Internets,
sixth edition, Douglas Comer, Pearson Prentice Hall, 2015.
Wireshark - is an excellent free packet capture utility.
What is a packet, and why capture it? We'll talk about that later. I
will ask you to install and use Wireshark later in the semester,
assuming you have a linux or windows computer available on which to
do so. Please visit Wireshark's
Opportunity - I'm happy to tell you
that as a class we have the fortunate invitation to use a network testbed
facility operated by USC/ISI called DETER. I will request individual DETER
accounts for you; when they are created you will get an email message with
info and credentials. In class I will describe DETER and how we will use it.
This will come some weeks into the semester. In the meantime, you
can explore the links under the heading "DETER net testbed" at
left if you like.