
1 Computer Networks II By: Ing. Hector M Lugo-Cordero, MS

2 What is a network?
A collection of computers interconnected to share resources. A network does not imply Internet access. Interconnection exposes security issues: every shared resource is reachable by every node on the network unless access is controlled.

3 OSI Model Layers
– Physical (repeaters/hubs): signals
– Data Link (bridges/switches): frames
– Network (routers/L3 switches): packets
– Transport: segments
– Session
– Presentation
– Application: data

4 Network Layer
Is responsible for two tasks:
– Pre-routing (route computation): builds the best route from one end node to another and stores it in the routing table
– Post-routing (forwarding): moves packets through the network hop by hop using the IP address, the way a post office uses a postal address
Communication patterns:
– Unicast: one source, one destination
– Multicast: one source, a group of destinations
– Broadcast: one source, all destinations

5 IP Addresses
Identify nodes in a network, in combination with the subnet mask.
The address space is divided into classes by first octet; each class contains private ranges (RFC 1918) that are never routed on the Internet:
– A (0 – 127): private 10.0.0.0/8; 127.0.0.0/8 is loopback (localhost), not a private range; default subnet mask 255.0.0.0; 24.0.0.0/8 was assigned to cable television networks
– B (128 – 191): private 172.16.0.0 – 172.31.255.255 (172.16.0.0/12); default subnet mask 255.255.0.0
– C (192 – 223): private 192.168.0.0/16; default subnet mask 255.255.255.0
– D (224 – 239): multicast (next slide)
– E (240 – 255): reserved for future use

6 Multicast IP Addresses
Class D (224 – 239)
– 224.0.0.0 – 224.0.0.255: link-local, reserved for routing and control protocols; routers never forward these
  224.0.0.5 (all OSPF routers), 224.0.0.6 (OSPF designated routers), 224.0.0.9 (RIPv2 routers)
– 224.0.1.0 – 238.255.255.255: global scope
– 239.0.0.0 – 239.255.255.255: administratively scoped (local to the organization)
A widely used multicast routing protocol is Protocol Independent Multicast (PIM), which uses the multicast address 224.0.0.13 (all PIM routers)

7 Sub-netting
Sub-netting borrows host bits to create subnets. It increases the number of networks that can exist, each with fewer hosts. Good when we want many networks and few hosts per network; it is also how a network is segmented so that traffic between segments has to cross a router, where it can be filtered.

8 Super-netting
Super-netting borrows network bits to make one larger network with more hosts (the aggregated prefix is also called a CIDR block or route summary). Good when a single network needs to grow to support more hosts. Good in combination with VLANs. Used in our department. The networks being merged must be contiguous and aligned on the new prefix boundary, otherwise they cannot be expressed as one prefix.
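The class lookup from the IP Addresses slide and the sub-netting/super-netting operations above, as an added example that is not part of the slides: it uses the standard-library ipaddress module, and the class table and special ranges (RFC 1918 private space, 127/8 loopback, 224/4 multicast, 240/4 reserved) are constructed here from the values the slides list. The supernet helper also shows the alignment caveat: two /24s only merge into a /23 when they sit on an even boundary.

```python
"""Classful lookup plus sub-netting / super-netting with ipaddress.
Added example, not from the slides; ranges constructed from the slide values."""
import ipaddress

# First-octet range per class and the default prefix length (None: no host part).
CLASSES = [("A", 0, 127, 8), ("B", 128, 191, 16), ("C", 192, 223, 24),
           ("D", 224, 239, None), ("E", 240, 255, None)]

# Narrower ranges must come before the ranges that contain them.
SPECIAL = [
    ("loopback", "127.0.0.0/8"),
    ("private", "10.0.0.0/8"),
    ("private", "172.16.0.0/12"),
    ("private", "192.168.0.0/16"),
    ("multicast link-local", "224.0.0.0/24"),
    ("multicast admin-scoped", "239.0.0.0/8"),
    ("multicast global", "224.0.0.0/4"),
]
SPECIAL = [(name, ipaddress.ip_network(cidr)) for name, cidr in SPECIAL]


def classify(ip):
    """Return the class, default prefix length and scope of an IPv4 address."""
    addr = ipaddress.ip_address(ip)
    first = addr.packed[0]
    cls, prefix = next((c, p) for c, lo, hi, p in CLASSES if lo <= first <= hi)
    scope = next((name for name, net in SPECIAL if addr in net),
                 "reserved" if cls == "E" else "public")
    return {"class": cls, "default_prefix": prefix, "scope": scope}


def split_subnets(network, new_prefix):
    """Sub-netting: borrow host bits so one network becomes several smaller ones."""
    net = ipaddress.ip_network(network)
    return [str(sub) for sub in net.subnets(new_prefix=new_prefix)]


def usable_hosts(network):
    """Host addresses excluding network and broadcast (a /31 or /32 has none to spare)."""
    net = ipaddress.ip_network(network)
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def supernet(networks):
    """Super-netting: give back network bits so several networks become one.
    Fails unless the blocks are contiguous and aligned on the new prefix boundary."""
    nets = [ipaddress.ip_network(n) for n in networks]
    merged = list(ipaddress.collapse_addresses(nets))
    if len(merged) != 1:
        raise ValueError(f"{networks} do not form one aligned block: "
                         f"{[str(m) for m in merged]}")
    return str(merged[0])


if __name__ == "__main__":
    for ip in ("127.0.0.1", "172.20.5.9", "224.0.0.5", "239.1.1.1", "240.0.0.1"):
        print(ip, classify(ip))
    print(split_subnets("192.168.1.0/24", 26), usable_hosts("192.168.1.0/26"))
    print(supernet(["192.168.0.0/24", "192.168.1.0/24"]))
```

Note that 172.32.0.1 comes out as public: the class B private block is exactly 172.16.0.0/12, not all of 172.x.x.x, a common source of misconfigured "private" ACL entries.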

9 Interface Configuration (Cisco)
Router (config)# interface <type> <number>
Router (config-if)# duplex full
Router (config-if)# speed 100
Router (config-if)# ip address <address> <mask>
Router (config-if)# no shutdown
Router (config-if)# no keepalive

10 NAT/PAT
Network Address Translation enables address translation from one interface to another
– Typically the translation is from private to public addresses, for local computers accessing the Internet
When overloaded, it uses one single public IP for many computers by rewriting the source port of each connection
– Known as Port Address Translation (PAT) or NAT overload
– Inbound packets that match no existing translation are dropped, so hosts behind PAT are not reachable from outside unless a static translation is configured

11 NAT/PAT Configuration (Cisco)
Static:
– ip nat inside source static <local-ip> <global-ip>
– ip nat inside source static network <local-network> <global-network> <mask>
Dynamic:
– ip nat pool <name> <start-ip> <end-ip> netmask <mask>
– ip nat inside source list <acl-number> pool <name> [overload]
The overload keyword configures PAT; the access list selects which inside addresses get translated
Then go to each interface and say whether it is inside or outside:
– Router (config-if)# ip nat [inside | outside]
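What the overload translation table does at run time, as an added example in Python (not the slides' material and not Cisco's implementation): many inside hosts share one public address and are told apart by a rewritten source port, and return traffic is only let back in when it matches an entry the inside created. The addresses are taken from the RFC 5737 documentation ranges and the port pool is a constructed choice.

```python
"""PAT (NAT overload) simulation.  Added example, not from the slides;
addresses are RFC 5737 documentation ranges, the port pool is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PAT:
    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        self._outbound = {}  # inside Flow -> public source port
        self._inbound = {}   # (proto, public port, outside ip, outside port) -> inside Flow

    def outbound(self, flow):
        """Inside -> outside: rewrite source ip/port, creating a translation on first use."""
        port = self._outbound.get(flow)
        if port is None:
            if self._next_port > self._last_port:
                raise RuntimeError("translation table full: port pool exhausted")
            port = self._next_port
            self._next_port += 1
            self._outbound[flow] = port
            self._inbound[(flow.proto, port, flow.dst_ip, flow.dst_port)] = flow
        return Flow(self.public_ip, port, flow.dst_ip, flow.dst_port, flow.proto)

    def inbound(self, flow):
        """Outside -> inside: only packets matching an existing translation get through.
        Returns the rewritten flow, or None when the router should drop the packet."""
        if flow.dst_ip != self.public_ip:
            return None
        inside = self._inbound.get((flow.proto, flow.dst_port, flow.src_ip, flow.src_port))
        if inside is None:
            return None  # unsolicited: nobody inside asked for this
        return Flow(flow.src_ip, flow.src_port, inside.src_ip, inside.src_port, flow.proto)


def demo():
    """Two inside hosts using the same source port reach the same web server."""
    nat = PAT("203.0.113.1")
    a = nat.outbound(Flow("10.0.0.5", 40000, "198.51.100.10", 80))
    b = nat.outbound(Flow("10.0.0.6", 40000, "198.51.100.10", 80))
    reply_to_b = nat.inbound(Flow("198.51.100.10", 80, "203.0.113.1", b.src_port))
    unsolicited = nat.inbound(Flow("198.51.100.10", 80, "203.0.113.1", 2000))
    return a, b, reply_to_b, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The port pool is the resource an attacker exhausts with many half-open connections through the same NAT; real routers age entries out, which this toy table does not.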

12 Routing Protocols
– Routing Information Protocol (RIP): RIPv2 updates are sent to 224.0.0.9 (UDP port 520)
– Open Shortest Path First (OSPF): 224.0.0.5 and 224.0.0.6 (IP protocol 89)
– Optimized Link State Routing (OLSR): UDP port 698, sent to 255.255.255.255 (limited broadcast)
– Ad hoc On-Demand Distance Vector (AODV): used in ZigBee modules (IEEE 802.15.4)

13 Routing Configuration (Cisco)
Router (config)# router rip
Router (config-router)# network <address>
Router (config-router)# version 2
Router (config-router)# end
Router# show ip route
FOR A STATIC ROUTE USE:
– Router (config)# ip route <destination> <mask> [<next-hop-ip> | <exit-interface>]

14 Sub-Interfaces
Enable having multiple logical interfaces on one single router port, one per VLAN
Useful for interconnecting VLANs (router-on-a-stick)
Physical properties of the interface must be configured on the main interface (e.g. speed, duplex, no shutdown)

15 Sub-Interfaces Configuration (Cisco)
Router (config)# interface fa 0/0.1
Router (config-subif)# encapsulation dot1Q <vlan-id>
Router (config-subif)# ip address <address> <mask>
Router (config-subif)# no shutdown
The encapsulation command must come before the ip address: IOS refuses to put an address on a sub-interface that has no VLAN assigned yet

16 Router Security
Remote login
– Set a password (and login) on all vty lines
– Some routers allow TELNET as well as SSH remote sessions; prefer SSH and disable Telnet on the lines (transport input ssh), since Telnet sends the password in clear text
Firewalls
– Control what kind of traffic passes through your network
– Access Control Lists (Cisco):
  1 – 99 and 1300 – 1999 (standard ACL)
  100 – 199 and 2000 – 2699 (extended ACL)
  700 – 799 and 1100 – 1199 (MAC ACL)
– iptables (Linksys with OpenWrt)

17 ACL Configuration (Cisco)
Standard (can only evaluate the source address)
– Apply it as close to the destination as possible, since it cannot tell destinations apart
– For a specific host: Router (config)# access-list <1-99> [deny | permit] host [address | hostname]
– For a network: Router (config)# access-list <1-99> [deny | permit] [address | hostname] [wildcard] (a wildcard of 0.0.0.0 also selects a single host)
– In general: Router (config)# access-list <1-99> [deny | permit] any
Entries are evaluated in order and the first match wins; there is an implicit deny any at the end of every ACL

18 ACL Configuration (Cisco)
Extended (evaluates source and destination, plus protocol and ports)
– Apply it as close to the source as possible, so unwanted traffic is dropped before it crosses the network
– For a specific host: Router (config)# access-list <100-199> [deny | permit] [proto] host [address | hostname] [destination] [lt | gt | eq | neq <port>]
– For a network: Router (config)# access-list <100-199> [deny | permit] [proto] [address | hostname] [wildcard] [destination] [lt | gt | eq | neq <port>] (a wildcard of 0.0.0.0 also selects a single host)
– In general: Router (config)# access-list <100-199> [deny | permit] [proto] any [destination] [lt | gt | eq | neq <port>]
The destination is written the same way as the source (host <address>, <address> <wildcard>, or any); the port operator only applies when [proto] is tcp or udp
First match wins; there is an implicit deny any at the end of every ACL

19 ACL Configuration (Cisco)
MAC (evaluates the MAC address)
– Apply it on the network where the node is connected, since MAC addresses are local to the link and are rewritten at every router hop
– Router (config)# access-list <700-799> [deny | permit] <mac-address> <mask>

20 ACL Configuration (Cisco)
Applying ACLs
Go to the interface and type
– Router (config-if)# ip access-group <number> [in | out]
If the interface is a vty line (TELNET/SSH)
– Router (config-line)# access-class <number> [in | out]
Important to know
– Applying an ACL that has not been created does nothing: all traffic is accepted
– On IOS an ACL with no entries behaves the same way (permit all); the implicit deny any only takes effect once the list has at least one entry, so a list whose only entry is a deny blocks everything
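The ACL rules of slides 17 to 20 (wildcard masks, standard versus extended syntax, first match wins, implicit deny, and the empty-list behaviour) as an added Python example that is not part of the slides and is not IOS code: it parses access-list lines in the syntax shown above and evaluates constructed packets against them.

```python
"""Cisco-style standard/extended ACL evaluation.  Added example, not IOS code;
the ACL lines and packets below are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

Spec = Tuple[str, str]  # (address, wildcard mask)


@dataclass
class Ace:
    number: int
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches every protocol (standard ACLs)
    src: Spec
    dst: Optional[Spec]               # None for standard ACLs
    port: Optional[Tuple[str, int]]   # (operator, destination port) or None


def is_extended(number):
    return 100 <= number <= 199 or 2000 <= number <= 2699


def wildcard_match(addr, base, wildcard):
    """Address bits must equal the base wherever the wildcard bit is 0; 1 bits are ignored."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & (0xFFFFFFFF ^ w) == 0


def _address_spec(tokens, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' starting at tokens[i]."""
    if tokens[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_ace(line):
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list entry: {line}")
    number, action, i = int(t[1]), t[2], 3
    proto, dst, port = "ip", None, None
    if is_extended(number):
        proto, i = t[i], i + 1
    src, i = _address_spec(t, i)
    if is_extended(number):
        dst, i = _address_spec(t, i)
        if i < len(t):
            port = (t[i], int(t[i + 1]))
    return Ace(number, action, proto, src, dst, port)


def matches(ace, pkt):
    if ace.proto not in ("ip", pkt["proto"]):
        return False
    if not wildcard_match(pkt["src"], *ace.src):
        return False
    if ace.dst is not None and not wildcard_match(pkt["dst"], *ace.dst):
        return False
    if ace.port is not None:
        op, value = ace.port
        dport = pkt.get("dport")
        if dport is None:            # port operator on a packet without ports
            return False
        return {"eq": dport == value, "neq": dport != value,
                "lt": dport < value, "gt": dport > value}[op]
    return True


def evaluate(acl, pkt):
    """'permit' or 'deny'.  IOS treats a missing or empty list as no filter, so
    the implicit deny only exists once the list has at least one entry."""
    if not acl:
        return "permit"
    for ace in acl:                  # first match wins
        if matches(ace, pkt):
            return ace.action
    return "deny"                    # implicit deny any


# Constructed sample: SSH to the server only from 10/8, no Telnet from anyone;
# everything else hits the implicit deny because there is no 'permit ip any any'.
ACL_101 = [parse_ace(line) for line in (
    "access-list 101 permit tcp 10.0.0.0 0.255.255.255 host 192.168.1.10 eq 22",
    "access-list 101 deny tcp any host 192.168.1.10 eq 23",
)]
ACL_10 = [parse_ace("access-list 10 permit 192.168.1.0 0.0.0.255")]
```

The sample ACL_101 is the classic mistake the implicit deny causes: the author wanted to block Telnet, but without a final permit line the list also drops DNS, HTTP and everything else to that server.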

21 iptables Configuration (Linksys)
iptables [-t table] command [match] [target/jump]
– -t table specifies the table to configure; if omitted, the filter table is used
iptables -P FORWARD DROP
– -P sets the default policy of a chain, applied when no rule matches (DROP on FORWARD means the router forwards nothing unless a rule explicitly permits it)

22 iptables Configuration (Linksys)
Commands
– -A appends a new rule to a chain
– -D deletes a rule from a chain
– -L lists all rules in a chain
– -F flushes (removes all rules from) a chain
– -N creates a new chain in the specified table
– -X removes a user-defined (and empty) chain from a table
– -E renames a chain
– -P sets the default policy of a built-in chain
Built-in chains
– INPUT, OUTPUT, FORWARD (filter table); PREROUTING, POSTROUTING (nat table); chain names are case sensitive

23 iptables Configuration (Linksys)
Matches
– -p protocol (e.g. tcp, udp, icmp)
– -s source IP (or network in CIDR notation)
– -d destination IP
– -i input interface
– -o output interface
– --sport source port (requires -p tcp or -p udp)
– --dport destination port (requires -p tcp or -p udp)
– -m mac --mac-source source MAC (only meaningful in INPUT, FORWARD and PREROUTING, where the frame's source MAC is still known)

24 iptables Configuration (Linksys)
Jumps/targets
– -j ACCEPT
– -j DROP (silently discards the packet; REJECT is friendlier to legitimate clients, which get an immediate error instead of a timeout, while DROP reveals less to a scanner)
– -j REJECT --reject-with <type>, where <type> is one of:
  icmp-net-unreachable, icmp-host-unreachable, icmp-port-unreachable (the default), icmp-proto-unreachable, icmp-net-prohibited, icmp-host-prohibited, tcp-reset (TCP only)

25 iptables Configuration (Linksys)
Examples
– iptables -F INPUT
– iptables -P INPUT ACCEPT
– iptables -A INPUT -p tcp --dport 23 -j REJECT
  Rejects all incoming Telnet traffic (--dport needs -p tcp; without it iptables refuses the rule)
– iptables -A INPUT -p tcp -s 10.0.0.1 --dport 23 -j ACCEPT
  Accepts incoming Telnet from 10.0.0.1; rules are matched in order, so this one must come before the REJECT (add it first, or insert it at the top with -I INPUT instead of -A)
For more on protocols and services
– /etc/protocols
– /etc/services

26 Wireless Mesh Networking
Configure the mesh router in ad-hoc mode
Install a routing protocol such as OLSR on the router
Terminal nodes must be in ad-hoc mode as well, on the same SSID and channel

27 Wireless Mesh Networking
In Linux you may also use: sudo iwconfig eth1 mode ad-hoc

28 IPv6
New IP family with many more addresses
– 128 bits instead of 32
– Hexadecimal notation instead of dotted decimal
– Crosses IPv4-only networks inside IP tunnels
– Router (config-if)# ipv6 address <address>/<prefix-length>
Does not use ARP; neighbor discovery runs over ICMPv6 instead
– The IPv6 link-local address (fe80::/64) can be derived from the interface MAC address (modified EUI-64), which also means the MAC is exposed in the address unless privacy extensions are used
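How the link-local address is derived from the MAC, as an added example (not from the slides): the modified EUI-64 procedure of RFC 4291, and the reverse step that shows why an EUI-64 address leaks the hardware address. The MAC used in the demo is a constructed value.

```python
"""Modified EUI-64: IPv6 link-local address from a 48-bit MAC and back.
Added example, not from the slides; the demo MAC is constructed."""
import ipaddress


def eui64_interface_id(mac):
    """MAC -> 64-bit interface identifier (RFC 4291 Appendix A):
    split the MAC in two, insert ff:fe in the middle, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02          # universal/local bit: 0 in the MAC becomes 1 in the IID
    return bytes(iid)


def eui64_link_local(mac):
    """fe80::/64 prefix followed by the EUI-64 interface identifier."""
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + eui64_interface_id(mac)))


def mac_from_link_local(addr):
    """Reverse the derivation; returns None if the address is not EUI-64 based.
    This is the privacy problem: the hardware address rides in every packet's
    source address, which is why RFC 4941 temporary addresses exist."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


if __name__ == "__main__":
    mac = "00:1e:c2:11:22:33"
    ll = eui64_link_local(mac)
    print(mac, "->", ll, "->", mac_from_link_local(ll))
```

The same interface identifier is appended to every global prefix the host receives through router advertisements, so a laptop keeps a trackable identity across networks unless temporary addresses are enabled.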

29 OSPFv3
The OSPF version for the IPv6 family
Is configured on the interface, not with network statements:
– Router (config-if)# ipv6 ospf <process-id> area <area-id>
IPv4 routing is separate: an IPv4 routing protocol (e.g. OSPFv2, RIP) must still be configured for IPv4 traffic
IPv6 routing must be activated in global configuration mode first:
– Router (config)# ipv6 unicast-routing

30 Transport Layer
Ensures end-to-end communication between two end nodes, independent of the route their packets take
Uses ports ("doors") to tell the connections on a host apart
Two protocols are widely used
– User Datagram Protocol (UDP)
– Transmission Control Protocol (TCP)

31 Transport Protocols
UDP is connectionless: datagrams are sent without any setup, which is faster, but delivery is not guaranteed and the receiving application has to put segments in order itself
TCP builds a virtual circuit and ensures that all segments arrive at the destination, in order, at the cost of more time and overhead; every connection starts with the three-way handshake (SYN, SYN-ACK, ACK)

32 Protocols Implementation
Stop-and-wait protocol
– Wait for an ACK before sending the next packet
– Slow, since the link sits idle during every round trip
Window (go-back-N) protocol
– Send a sequence of frames up to the window size; on a loss, retransmit from the ACK number forward
– Never retransmits frames whose id is below the ACK number, since a cumulative ACK confirms everything before it
– The more common type of transport protocol (e.g. TCP)
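The two strategies above counted in frame transmissions, as an added simulation that is not part of the slides: a constructed loss pattern drops the listed frame numbers on their first transmission only, and the go-back-N sender resends from the first unacknowledged frame, never from below the ACK number.

```python
"""Stop-and-wait versus go-back-N, counted in frame transmissions.
Added example, not from the slides; `lost` is a constructed loss pattern:
a frame number in it is dropped on its first transmission only."""


def stop_and_wait(n_frames, lost):
    """One frame in flight; a lost frame is resent after the timeout."""
    lost = set(lost)
    transmissions = 0
    for frame in range(n_frames):
        transmissions += 1
        if frame in lost:             # first copy dropped, timeout, send again
            lost.discard(frame)
            transmissions += 1
    return transmissions


def go_back_n(n_frames, window, lost):
    """Sender pipelines up to `window` frames; the receiver only accepts frames
    in order and ACKs cumulatively.  After a loss the sender goes back to the
    first unacknowledged frame and resends from there.  Returns
    (transmissions, rounds), a round being one window's worth of sending
    followed by the ACKs for it."""
    lost = set(lost)
    base = 0                          # first frame not yet cumulatively ACKed
    transmissions = 0
    rounds = 0
    while base < n_frames:
        rounds += 1
        sent = list(range(base, min(base + window, n_frames)))
        transmissions += len(sent)
        for frame in sent:
            if frame in lost:
                lost.discard(frame)   # dropped once; the retransmission arrives
                break                 # receiver discards the rest of this window
            base = frame + 1          # cumulative ACK moves the window forward
    return transmissions, rounds


if __name__ == "__main__":
    print("stop-and-wait:", stop_and_wait(10, {1, 7}))
    for w in (1, 4, 10):
        print(f"go-back-{w}:", go_back_n(10, w, {1, 7}))
```

With a window of 1 the go-back-N sender degenerates to stop-and-wait; with larger windows it sends more frames in total after a loss (the discarded tail of the window is resent) but needs far fewer round trips, which is the trade TCP makes.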

33 Port Forwarding
Technique that redirects segments arriving on one port to another port (and usually another host) so that the service listening there handles them; on a NAT router it is a static translation of one port (e.g. Router (config)# ip nat inside source static tcp <inside-ip> <port> <outside-ip> <port>)
– Ex. pass traffic from port 80 (http) to port 21 (ftp)

34 Port Numbers
FTP      TCP 20, 21
SSH      TCP 22
TELNET   TCP 23
SMTP     TCP 25
DNS      UDP 53
DHCP     UDP 67, 68
TFTP     UDP 69
HTTP     TCP 80
MYSQL    TCP 3306
RTP      UDP 5004
RTCP     UDP 5005
VoIP, IPTV, online games: UDP, dynamic ports ≥ 1024

35 Applications
Session Layer establishes, maintains and ends the dialogue between two applications (which side may send, and how to resume after an interruption)
Presentation Layer formats the data depending on the application (JPG, MP3, DOC, etc.) and handles encoding and encryption
Application Layer provides the interaction with users and their programs

36 Dynamic Host Configuration Protocol (DHCP)
Is able to pass multiple parameters to nodes
– IP Address
– Subnet Mask
– Default Gateway
– DNS Servers, etc.
The client broadcasts its request and accepts the first offer it gets, so a rogue DHCP server on the same LAN can hand out a malicious default gateway or DNS server

37 File Transfer Protocol (FTP)
Application protocol for transferring files
Uses two TCP ports
– 21 for the control connection (login and commands)
– 20 for the data connection that carries the file itself (in active mode; in passive mode the server picks a high port instead)
Credentials and data are sent in clear text
It has a simpler UDP-based version called TFTP (Trivial FTP)
– Uses port 69 and has no authentication at all

38 Domain Name Service (DNS)
Translates domain names to IP addresses
Makes networks, websites and servers/hosts easier to remember
Uses UDP port 53 (TCP port 53 for zone transfers and for answers too large for one datagram)

39 Telecommunications Network (Telnet) vs Secure Shell (SSH)
Both enable remote control of a machine
Telnet is not secure: everything, including the password, crosses the network in clear text
– telnet rumad.uprm.edu
– TCP port 23
Secure Shell encrypts the session and lets the client authenticate the server by its host key
– ssh rumad.uprm.edu
– TCP port 22

40 Packet Sniffer
A network tool that allows a network administrator to monitor what kind of traffic is passing through the network
Can sniff on different interfaces and log the results
Can apply filters to the packets
Can analyze packets layer by layer
On a switched network it only sees its own traffic, broadcasts and multicasts unless the switch mirrors a port to it (SPAN)

41 Ping
A network tool that tests connectivity with a remote host using ICMP echo request and reply; it checks reachability at the network layer only, so a host can answer ping while the application you need is down, and a host that filters ICMP can be up while ping fails
Should be the first thing to check (after the power and cable, of course)
Can be abused for denial of service (ping floods, or the smurf attack that bounces echo requests off a broadcast address)
Some routers have an extended ping that lets you choose the source address, packet size and count

42 Traceroute
A network tool that allows the administrator to see hop by hop how a destination is reached and where connectivity is being lost; it sends probes with an increasing TTL and records which router returns ICMP time exceeded. A hop shown as * only means that router does not answer, not necessarily that connectivity is lost there.

