CS70 Network Fundamentals & Architecture

David Morgan
Santa Monica College
see syllabus for email address

Be greater than average




Grade information

Reading list, per chapter:
 6th edition
 5th edition

Course outline

SMC dates/deadlines

DETER net testbed
  get/use an account
  news report (pbs)


Textbook's website

RFC lookup

Remote Unix access with ssh

Fundamental Unix Commands

Protocols: non-cyber examples

MAC address assignments
 - listing
 - search

TCP/IP - Intro to the IP Protocols

TCP/IP Pocket
Reference Guide
 - IPv4 version
 - IPv6 version

Wireshark doc
html   pdf

Network calculators:
  here's one
  and another
  and a third

Real world DSL
  - a DSL order

commercial routers

Selected protocols






echo (port 7)

discard (port 9)

chargen (port 19)



Section 1724  9:00a - 12:05p Sat Bus 263

This Website (http://homepage.smc.edu/morgan_david/)  will be used extensively to communicate with you. Announcements, grade reports, and assignments will be posted here. Please access the website from any SMC computer lab. Alternatively, it can be viewed from an internet-connected browser anywhere. You are responsible for awareness of the information posted here.

Thank you - for taking the course. We covered a lot since February, starting and ending with the OSI model. I hope what you learned proves useful in your future personal, academic, and professional projects. (6/8)

Grades - are complete and up-to-date as of today, to the best of my knowledge, at link entitled "Grade information" at left. They show two averages, one that does and one that does not account for the DETER internetworking exercise. I will determine how heavily to weight that exercise, with these showing examples of a maximum (6) and minimum (0) weighting applied. I will accept this exercise through Tuesday, June 11 (it asks you to email me a screenshot). Beyond that, tonight's test remains to be factored into your final grade average. Please call any anomalies to my attention. (6/8)

Other courses I teach - are known to you from the main website front page. There, you can see the class-specific pages from recent semesters for a concrete idea of their exact content (particularly see the course outlines).

CS40 - Operating Systems

CS41 - Linux Workstation Administration

CS75 - Network Protocols further depth and variety on the topic beyond CS70 (2hr credit)

CS78 - Secure Server Installation & Administration  
In this class, with cooperation from USC/ISI, we will have accounts on the DETER testbed where we will create remote test networks. (6/8).

Grades - are up-to-date. Please call any anomalies in the grades to my attention. (6/1)

Final exam date - Saturday, June 8, in our classroom at class time. Please bring a scantron. (5/24)

Letter-upgrader variants - that I showed you last week. They bestow a protocol on the otherwise protocol-less original letter upgrader pair. The original client sends a letter to the original server, which robotically and single-mindedly sends the next letter of the alphabet back. The new versions allow either the next, or possibly instead the previous, letter to be returned. The client now has to tell the server which, and the server has to differentially respond accordingly. That's a protocol. (5/23)

Various services and the server programs and protocols they use.

Service Server Linux executable Protocol used
name BIND /usr/sbin/named dns
web APACHE /usr/sbin/httpd http
MS sharing SAMBA /usr/sbin/smbd smb
address DHCP /usr/sbin/dhcpd dhcp
socket demo CHOMPER /opt/socketdemo/byteme none
letter upgrade letter upgrade server4 none, really


TCP (and UDP) Ports you should know
Q: where do the "well-known port" numbers come from?
A: IANA (Internet Assigned Numbers Authority) 

Q: what are the well-known port assignments?
A: the list is long (cf., /etc/services on any linux box or equivalent C:\WINDOWS\system32\drivers\etc\services on XP)
note: udp and tcp ports are separate/independent; udp port 53 is not tcp port 53

Q: which ones should we know for this class?
A: 21, 22, 23, 25, 53(udp), 80, 110, 123 (look up what service each belongs to, above)

reading - do the remaining reading.
listen - to dns.avi, course outline section 13 homework column  (5/11)

do - the activities in course outline section 12, homework column, about ping, nmap, netstat
listen - to the narrated versions of the slides about ping and netstat, course outline section 12 slides column
watch - this comparing switches vs. hubs.  (5/5)

Grades - have been updated at link entitled "Grade information" at left. Includes error detection and test. (5/4)

Firewalls - related to networks and security both, are given dedicated treatment in the security course CS78 not this networking course. The command in linux that implements firewall rules, and hence firewalls (which are collections of rules expressing responses to be taken to packets with certain characteristics), is iptables. The alternative firewall command found in FreeBSD is pf. The logic of all firewalls is the same, and the internal implementation is highly similar (an in-memory data structure, something like a bitmap, applied to packets). The syntax of the command or GUI application that actually does the implementation is where firewalls differ with one another. (If you take CS78 you will do a DETER exercise in which you exercise firewalls, similar to but beyond the cursory use of iptables in your current CS70 internetworking exercise on DETER.) (5/4)

Homework - 
read - material in reading and homework columns of course outline section 10. (4/27)

Homework - 
do - "error detection," course outline section 9 Homework column. due on sputnik (as stated in class last week) before midterm on Saturday morning 4/27 (which has questions featuring this topic). (4/26)

Hello Central, give me 209 - in TCP/UDP client-server terms (diagram below), what is Lightnin' Hopkins? Central? his baby? 209?
Please google: "Hello Central, give me heaven," "Hello Central, give me No Man's Land," A Connecticut Yankee in King Arthur's Court (search it for "hello") 
Among these examples, why does "Hello Central, give me 209" offer the best analogy? (11/10)



Who are IANA? Where are they? What is their job?

Electronic Frontier Foundation's HTTPS-Everywhere plug-in for Firefox and Chrome is one measure that can render arp spoofing in, for example, a coffee shop unuseful for the spoofer/eavesdropper. FYI. (4/21)

Midterm exam - test will be April 27. Please see the "Readling list, per chapter" link, above left, which indicates which chapters' material will be covered by the exam. Please bring a Scantron form 882 (green). (4/20)

Sample captures courtesy of wireshark.org - in order to study a protocol in Wireshark you could run that protocol live while simultaneously capturing it. Or instead you can take the captured results of others' activities without having to run the protocol of interest yourself. For example, if the kerberos authentication protocol interests you but you have no account on any kerberos server so can't run it yourself, you can grab krb-816.zip which holds a full trace of kerberos in operation, and open it up in Wireshark for scrutiny. Many such pre-captured protocols are available on the site (above "Sample captures" link). (4/20)

Grades - have been updated, link entitled "Grade information" at left. Look yourself up by your constructed anonymous ID number (also used as you sputnik.smc.edu password) (4/18)

No class April 13 - SMC's spring break is that week. (4/5)

In-class exercise to build an internetwork - will occupy the entire 3 hours, no lecture. Planned to be performed April 13. Please review the instructions in advance. Here is the photo of the whiteboard map of the class internetwork built by a previous class. We/you will do similarly. (3/30)

- this exercise on internetworking, which extends the one we did in class. This is to be done on DETER, remotely, using the DETER accounts issued to you.
what to turn in - as the product of this assignment, please make a screenshot of the web page you get at the end of the exercise in the subsection "5. Port forwarding" of the section "Tasks." (This will be the screen on NWworkstation1 that is obtained there when you execute the lynx browser to get content from the web server located on SWworkstation1.) Send the screenshot to me as an email attachment to morgan_david@smc.edu please. - will be due at the end of the course.

Respond within 72 hours please - to an auto-generated email message from DETER that you will receive at your SMC email address. I will create DETER accounts for you. The email message should be self-explanatory and requires a password change within 72 hours. (4/5)

Midterm exam reading - there will be a midterm. Please see the "Readling list, per chapter" link, above left, which indicates which chapters' material will be covered by the exam. Continue reading with the aim of reading all those chapters by the midterm date, upcoming. (3/30)

Golden rules for deciding how to ship a packet (Fore Systems "IP packet delivery"):

We reviewed the concept behind the "IP packet delivery": if IP thinks a destination IP address is local it arps for that IP address, if not it arps for the IP address of its default router (which comes from the routing table). Everything hinges on what "local" means. That is a function of the given destination address, the local address, and the local netmask. Network calculators and/or the linux "ipcalc" command can help you recreate IP's "thinking process" in this regard for particular subnets, addresses, and netmasks.

A related description of the thinking process comes from our textbook, Computer Networks and Internets, Douglas Comer (see p. 368 fifth edition). (3/23)

Homework - 
do - "subnet partitioning," course outline section 7 Homework column. Turn in on paper in class March 30
do - "IP packet delivery," course outline section 7 Homework column. due on paper in class Saturday March 30
do - "MAC vs IP addresses," course outline section 7 Homework column. due on sputnik end-of-day Wednesday April 4
(The latter two assignments focus on the same understanding.) (3/23)

Double match?? - what would happen if an IP packet's destination address matched two entries in the routing table. To which of the two interfaces would it be sent? Is this even possible? (3/23)

Last week - we learned that if we knew an IP network (e.g., say we knew this one: then we know what addresses are in it (can you list those in my example network?). But conversely, what if we know an address, and want to know what network it's in (e.g., say we know address What does it take to answer that question? (Can you give a network that my example address belongs to?)


Network Address  +  Netmask  =  Subnet
It's useful to think of a network (a.k.a. subnet) as being defined by a position, and an extent measured from that position, on the continuum of IP addresses represented as a number line. A network is definitively identified by a 2-component ID. The first is its network address and the second is its netmask. 

It is the network address that establishes the position or starting point of the address range or block that is the network. And it is the netmask that establishes its extent or size. As an example consider a network whose network address is and whose netmask is (the one that signifies "thirty-two" as size). The number line below is a microscopic segment of the number line for the whole internet. That number line is 4 billion addresses in length (because with 32 bits 4 billion is the number of distinct address values that can be composed). Here, with the first 24 bits of our address (64.52.25) we are narrowing in on a particular little 256-address segment within that number line. Within the segment, the network address further positions us with final precision. This idea of sectioning off the 4 billion addresses into separately addressable subordinate pieces is called subnetting, and the resulting pieces or address groups are called subnets.


Homework - 
see/do - the homework column of course outline, section 5 ("netmask legality"). due on sputnik in the "assignments" subdirectory of your home directory end-of-day Sunday March 24
read, specifically -
the write-up at the link entitled "Masks, routing, and subnets" in course outline section 7
view - videos in course outline section 4 homework column
read, generally - readings shown in the course outline and link entitled "Reading list, per chapter." The latter is what I want you to read, from the textbook, for the whole course. Read forward to succeeding sections to prepare for upcoming topics. I will not further specify which items to read when. Read them all, for the entire course, in concert with in-class coverage as we proceed. By now you should have done the readings for sections 1-5 in the course outline. From that point, keep going independently week by week.

Routing - important formulations of the "route" command
Three kinds of routes can appear in a routing table: host route for a specified individual machine, network route for a specified grouping of them, default route as catch-all for everything (unspecified) else. Here are the four key linux command formulations by which you add such routes to a routing table. Though there are 3 kinds of routes, note that 4 command formulations appear. We mentioned the concept of gateways (machines other than the destination, to which you would send the destination's packets for forwarding).  That accounts for there being 2 network route formulations below. One is for the case where the routed-to network is the one you yourself are plugged into, the other for the case where that network is "foreign" or "elsewhere" to you.

Add route to a machine (host route):
  route add –host eth0 
Add route to a group of machines (network route - local) 
  route add –net netmask eth0 
Add route to a group of machines (network route - gatewayed) 
  route add –net netmask gw 
Add route to “any and all” (default route) 
  route add default gw

Study these commands intently and try to internalize the semantic meaning they embody. (3/15)

Windows route command - differs in syntax and scope somewhat from the linux command of the same name. But it is kindred in spirit and operates on the very same internet protocol (though not the same coded implementation of it). The internet protocol is defined outside Microsoft and outside linux. Both Microsoft and linux programmers  have taken their hand to writing programs that do what the protocol defines. Including a "route" command to manipulate the protocol's route table. In Windows, open a command box and execute "route print" if you wish to see the route table. (3/15)

Network size for common netmasks:

Netmask: # of one bits: # of zero bits: Implied network size:  24 8 256 (254) 25 7 128 (126) 26 6 64 (62) 27 5 32 (30) 28 4 16 (14) 29 3 8 (6) 30 2 4 (2)


Lego project - make a router for your toy trains. (How is this an applicable analogy to the processing of frames within a computer router?) (3/15)

Grades - have been posted, link entitled "Grade information" at left. Look yourself up by your constructed anonymous ID number (also used as you sputnik.smc.edu password) (3/15)

arp and ping network trace file arpandping.zip contains the trace/capture of our hands-on class activity. You can open it in Wireshark and study it. (3/10)

Electronic Frontier Foundation's HTTPS-Everywhere plug-in for Firefox and Chrome is one measure that can render arp spoofing in, for example, a coffee shop unuseful for the spoofer/eavesdropper. FYI. (3/10)

Homework - 
view/listen - to the audio and video resources in homework column of course outline, section 4 ("ethernet frames")
read - the material about the arp protocol in the Reading column of course outline section 5.
read - the material in the Reading columns of earlier sections of the course outline, portions of textbook chapters per the list at the links under the heading, at left, entitled "Reading list, per chapter" (3/9)

Installing fiber - there's a Certificate for that! Amateurs need not apply. I received this publisher promotion by email.


Where is optical data fiber found? - along rail, utility, and road rights-of-way, and underwater. (3/9)

Who owns the fiber? Companies like Level 3. They rent rights-of-way from the right-of-way owners. Level 3 (acquired by Century Link in 2017) has built an elaborate world wide network. A downtown L.A. datacenter allows you to co-locate your equipment where it can tap directly into their channels for faster and greater capacity data traffic than could be achieved at other endpoint locations in the city. (3/9)

Undersea cabling - former student Philip Postovoit did the service of researching cabling quite thoroughly. Of the many links about it he sent me, I found particularly interesting:
submarine cable map (click individual cables)
manufacture, shipboard loading, seabed laying youtube video
Haut débit en eau profonde (French)
"Contrary to conventional wisdom, satellites play a minimal role in the operation of the internet. Nearly 99% of international phone and data traffic goes through [submarine cables] like ours." Patricia Boulanger, Alcatel Submarine Networks  (3/9)

New transatlantic data cable by Microsoft/Facebook/Telexius completed. (3/9)

Wireshark, protocols, and people
--how many protocols does it support? - Apparently the number of protocols supported has reached about 3000.
--who pays these open-source people, anyway? - in most cases nobody. Open source is a labor of love and mostly programmers don't get paid. As for who they are in the case of Wireshark, a list of "contributors" appears at the bottom of the Wireshark man page (that means "manual" page, the traditional form of unix/linux documentation-- give the command "man wireshark" on a linux computer to see it). To my surprise it lists about 850 people. (3/9)

Homework - 
see/do - the homework column of course outline, section 4 ("ethernet frames"). due on sputnik in the "assignments" subdirectory of your home directory end-of-day Saturday 3/9 (3/2)

What other data link protocols besides ethernet are out there? You might instead have
  point-to-point protocol ("dial up")
  frame relay
  asynchronous transfer mode (ATM)
  802.11 ("wi-fi") in part (3/2)

What's the difference?
ARPANet, Leonard Kleinrock's network (now, the Internet), used dedicated connections between computer nodes. He made a phone call to Stanford from UCLA. The wire employed belonged to the phone company. The wire was not used by any other nodes, during the phone call. It was not shared. It was dedicated. Nodes that used it owned it and did not have to compete for it with any other nodes.
ALOHAnet, Norm Abrahamson's satellite based network among islands in Hawaii, used a satellite that could service only one connection at a time, and that all participating computer nodes had to use. So necessarily, nodes had to share it. It was non-dedicated. Nodes that used it did not own it and had to compete for it with all other nodes.
Ethernet was derived from ALOHAnet, and relied on a shared medium too. But while the ALOHAnet medium was radio to the satellite, the ethernet medium was a copper wire. (3/2)

Packet capture files for you from the "wireshark" in-class exercise
I performed the exercise while running Wireshark and saved the traffic into capture files. You can open my files in Wireshark, to replay and analyze what I did.

The IP addresses of the machines I used were and Those are reflected in the captures. Get the files (unzip) then open them in Wireshark. You can then ponder the questions the exercise asks and use the captures to help you understand. The files are:
 for section 4:  echo-udp.cap  echo-tcp.cap
 for section 7:  login-telnet.cap  login-ssh.cap
 for section 8:  http.cap 

Satisfy yourself you have a pretty good idea what you are looking at. In particular, compare the header structures you see in the captured frames with the ones mapped out in the TCP/IP Pocket Reference Guide. And, practice using Wireshark's "Follow TCP stream" feature, found by right-clicking on packets in the packet list pane. It will starkly and unmistakably extract the password used in the telnet login session. And it will reveal the content of the web page obtained in the http browse session. There is nothing to turn in.  (2/23)

What SMC's wireless internet access service doesn't do - SMC's web page entitled "Wireless Internet Access at SMC" tells you what their service does not do:

"What network services are available?

"Only web access is allowed (http and https). Campus network ports and the wireless network do not allow access to any non-web services such as telnet, FTP, SMTP, POP, IMAP, etc."

At this early stage in the course do you know what that means? I'm not sure. If you don't, you will soon. But if you try to have the service do anything that it doesn't (clean your socks, chill your beer, connect to a remote machine with ssh...) I hope you won't ask me why it didn't work. (2/21)

Homework - 
read - get started, readings shown in the course outline through section 4; also read forward to succeeding sections as you have time, to prepare for upcoming topics.
listen - to Bob Metcalfe talk about inventing ethernet.

RFC process - how protocols get created. Here is a current example, HTTP 2 which was published as an RFC in May, 2015. See in particular the development timeline that has led it to this point. (2/22)

Screenshot of Microsoft Network Monitor courtesy of a former student. Compare the interface with Wireshark's.

Screenshot, Microsoft's Network Monitor sniffer


Course outline - with approximate weekly topic coverage corresponded to related readings, homework assignments, and in-class slides I will use.

Homework - 
do the reading and homework shown in the "Reading" and "Homework" columns of the course outline's topic #1.

Cover art on Tannenbaum textbook:

Networking textbook cover graphic

What is it??

"Number please?" asks the switchboard operator. The switchboard is a board. It's for switching. Switching changes a circuit between you and somebody. It can complete a circuit to your Aunt Bheulah in Iowa City so you can thank her for the knit socks. After you hang up if you want to call your uncle in Waco you'll need to switch circuits, to get a circuit to him instead of her. That's what the operator does for you. The "switch"ing in "switch"board is circuit switching. Nowadays in computer networks it's not circuit switching anymore, it's packet switching.

Phone swithboard operators c. 1950s


Functional layering - the famous "Open Systems Interconnect" model is depicted below. Somebody once had the idea that maybe there could be a way to get independent computer systems of different types to be able to exchange information with one another. The diagram blueprints the idea for "how in the world are we going to make that work??" That idea is the subject of this course.

The 7 layers of the OSI model

First-day administrative information you will need to know:

Handout - explaining use of class computers.

A Remote Unix system account will be created for you.

Distributing files from sputnik to the class as a whole,  publicly - the above file transfer discussion describes file movement to and from your own home directory, exclusive to you. Sometimes I will want to have someplace to put a file so everybody can get to it and download it. When I do that, here's how to download them.

Using ssh (secure shell). ssh is an important tool you will use for interacting with remote computers. For that you will need an ssh client. There are a number of ssh client alternatives.

Running linux at home.

Slides available online - for most if not all slides I will show in class. Links to them can be found in the "Slides" column of the course outline.

Course-long textbook reading - a chapter-by-chapter list ( 6th edition, 5th edition ). The textbook is divided into chapters and they in turn into numbered sections. The list tells you which sections to read for this course when chapters are assigned. For example if I assigned chapter 10 and it had 17 sections, if this list specifies "10.1-100.5, 10.7, 10.12-17" it means I didn't feel sections 10.6 nor 10.8-11 were relevant enough so I only list the balance of the chapter. Read unlisted portions for your own interest if you wish, but the listed sections are what's officially assigned to you.

Textbook - Computer Networks and Internets, sixth edition, Douglas Comer, Pearson Prentice Hall , 2015.

Wireshark - is an excellent free packet capture utility. What is a packet, and why caputre it? We'll talk about that later. I will ask you to install and use Wireshark later in the semester, assuming you have a linux or windows computer available on which to do so. Please visit Wireshark's home page.

Opportunity - I'm happy to tell you that as a class we have the fortunate invitation to use a network testbed facility operated by USC/ISI called DETER. I will request individual DETER accounts for you; when they are created you will get an email message with info and credentials. In class I will describe DETER and how we will use it. This will come some weeks into the semester. In the meantime, you can explore the links under the heading "DETER net testbed" at left if you like.


First message by telegraph 1844

"What hath God wrought?"
May 24, 1844

First message by telephone 1876

"Mr. Watson come here, I want to see you."
March 10, 1876

First message by internet 1969

October 29, 1969