Network Technologies

After you have a medium running from one place to another, you need to put a network on top of it. There are many different approaches, the most common of which is Ethernet. Most of the other network technologies have been developed to address one or another limitation of Ethernet — speed, distance, or the need for a cable. Table 12-1 summarizes the key characteristics of the most common local network technologies — Ethernet and wireless.

Table 12-1 Characteristics of Common Network Technologies

Characteristic       Ethernet                                       Wireless
Data rate            10 or 100 Mbps                                 1 to 54 Mbps
Maximum distance     185 m (607 feet) for 10Base-2;                 10s of feet to miles between stations
                     up to 2.8 km (1.7 miles) for optical fiber
Logical topology     Bus                                            Bus
Physical topology    Star, bus                                      Point-to-point or star
Media                Optical fiber, twisted-pair, coaxial cable     Radio
Access method        CSMA/CD                                        TDMA, FDMA, CDMA

In addition to networks having overall characteristics, every network implementation has a specific medium it uses to transmit signals. Collectively, we’ll call the network medium its cable (or cable type), ignoring the fact that wireless transmissions don’t have a physical cable.

Ethernet

Ethernet was among the earliest networks. The initial version of Ethernet used a thick coaxial cable about 0.4 inches in diameter. Later copper-based versions used a thinner coaxial cable, before the evolution to today’s twisted copper pairs. For example, one of the oldest surviving variants of Ethernet, 10Base-2, uses flexible coaxial cable to carry the LAN signal, and makes connections with a twist-lock BNC connector. Limitations on the transmission characteristics of the 10Base-2 signal and cable cause restrictions on the way you use 10Base-2 to connect computers:

✦ No external transceiver or AUI cable — The 10Base-2 transceiver is built into the adapter card in your PC. A tee coaxial connector mounts on the back of the board, and the cable attaches to both sides of the tee.
If one side of the tee has no cable attached, a terminator attaches directly to the tee. You must not use a segment of cable to space the tee away from the adapter card.

Chapter 12 ✦ Wired and Wireless Networking 179

✦ No spur directly connected segments — No branches off the 10Base-2 cable are allowed — even to connect a computer to the associated tee connector. The cable must run to the tee connector directly on the adapter card.

✦ Maximum transmission length — The maximum segment length is 185 meters (607 feet). You can attach up to 30 computers to a segment. There are no special spacing requirements between computers except that the minimum spacing is 0.5 meters (1.6 feet).

If you open the coaxial cable at any point, the entire network segment goes down. You can remove a computer from a 10Base-2 segment, but you have to do it by removing the tee connector from the back of the computer. It’s very common to use a short spur segment from the tee connector to the back of the computer, but it’s a very bad idea. The spur causes signal reflections, degrading the signal on the network and causing errors. The error rate goes up as the load on the network goes up, and as the number of spurs (and their length) goes up. If you have a 10Base-2 network, check the connectors, terminators, and especially the tees often. Cracked parts make your LAN unreliable or inoperative.

By far the dominant Ethernet cabling technology is twisted-pair — a bundle of four pairs of wires, each pair twisted together, and the entire set wrapped in an outside jacket. There are two variants of twisted-pair network wiring, 10Base-T (which runs at 10 Mbps), and 100Base-T (which runs at 100 Mbps). The two variants are commonly termed 10/100Base-T when it doesn’t matter which one you’re talking about. 10/100Base-T attaches only one computer to each wire segment, combining segments to form the network. Each segment contains two twisted-pairs of wire: one pair for transmitting and one for receiving.
The wires have an RJ-45 modular connector (slightly larger than the usual RJ-11 connector on most telephones) at each end (Figure 12-1). One end connects to the computer, while the other connects to a device that joins all the separate segments together (Figure 12-2). That device is called a hub or a switch, depending on its internal characteristics. You can get hubs and switches to join from 4 to 24 (or more) segments together and can join hubs and switches together to create even larger networks. Ethernet switches increase twisted-pair network performance by letting many computers transmit at the same time, separating the traffic of each computer pair from the rest.

Twisted-pair connections can be up to 100 meters (328 feet) long. If you allow 10 meters (total) for connections within a wiring closet and from the wall to the computer, the in-wall wiring can be up to 90 meters. Both unshielded twisted-pair (UTP) and shielded twisted-pair (STP) are used, differing in that STP has shielding wrapped around the conductors to minimize noise and interference. Therefore, STP has better transmission characteristics than UTP, but twisted-pair wiring is almost universally done with UTP. Twisted-pair wiring provides separate wire pairs for transmitting and receiving. Twisted-pair can therefore operate in full-duplex, which means that it’s possible for a computer to transmit and receive simultaneously.

180 Part V ✦ Networks and Communications

Figure 12-1: RJ-45 connector on Ethernet cable ©2004 Barry Press & Marcia Press

Figure 12-2: Twisted-pair Ethernet (10/100Base-T and gigabit Ethernet) attaches one computer per cable. If any one wire goes down, the rest of the computers are unaffected.

In addition to the division between shielded and unshielded wire, there are categories of twisted-pair wiring, differentiated by their capability to transport the network signal without distortions, called Category-3, -5, -5e, and -6.
Category-3 is the usual voice-grade wiring that is commonly pre-wired in buildings.

(Figure 12-2 labels: Twisted-pair segments; Wiring hub)

Categories-5, 5e, and 6 use successively higher-quality cables and connectors. If you ever plan to upgrade from 10Base-T to 100Base-T, you want to start with Category-5, 5e, or 6. Your network runs no better than its worst wiring component. In other words, use Category-3 connectors with Category-6 wire and you have a Category-3 network. Table 12-2 summarizes the twisted-pair wiring categories. You should avoid Category-3, but any of the other three are suitable for home, home office, and small networks. If you’re building a large LAN, plan on using Category-5e or Category-6.

Table 12-2 Twisted-Pair Wiring Specifications

Specification                       Frequency Rating   Application
Category-3                                             Basic, nonupgradeable twisted-pair networks
Category-5                          100 MHz            Basic Fast Ethernet networks without full-duplex links, or (risky) gigabit Ethernet networks
Category-5e (Enhanced Category-5)   100 MHz            Fast Ethernet networks running full-duplex; Gigabit Ethernet networks
Category-6                          250 MHz            Gigabit Ethernet networks (solid)

Ethernet cables in the walls typically terminate at RJ-45 jacks, and you use patch cords to connect from the wall jacks to computers, hubs, switches, or other devices. Patch cords have RJ-45 plugs at both ends. If you have the tools to attach the modular connectors, you can make twisted-pair patch cables yourself. If not, you’ll have to order them in the right length. Either way, if you make a cable that reverses the transmit and receive pairs between the connectors — a crossover cable — you can connect two computers directly, without a wiring hub.

Twisted-pair interfaces monitor the link status, and most provide a light to indicate that the link is up. You have to check the lights at both ends, though, because link status is based on the receive side only.

Ethernet is designed for shared media.
Point-to-point wiring (such as twisted-pair) connects the wiring segments together electrically in most cases, creating a shared medium through the wiring hub. Similarly, Ethernet can be either half-duplex or full-duplex, depending on the physical medium and attached network devices. Ethernets use carrier sense with collision detection to support multiple access. When any given transmitter has something to send, it listens on the network to try to verify that no other device is currently transmitting. If the network appears idle, it starts to send. Because transmitters can be relatively far apart, however, it’s possible for two transmitters to sense that the network is idle and both start to transmit at roughly the same time. Ethernet transceivers detect this occurrence and schedule a retransmission. The time for the retransmission is based on a random number to help the two colliding stations avoid further contention.

The shared medium amounts to a “cloud” that interconnects all nodes on the network equally. Addresses in each network message define both the source and the destination of the message. Keep in mind that an unencrypted shared medium (such as Ethernet) is inherently insecure. On any one network segment, every packet arrives at every transceiver, and a transceiver programmed to listen to all addresses indiscriminately hears them all. This is useful for building network analyzers, but it means that, with the right software, the traffic from the executive suite to marketing is equally visible to anyone else connected to the network.

Another downside of Ethernet has been its limitation to 10 or 100 Mbps on a single segment. As fast as that seems, when you start to transfer huge files across the network (such as raw video recordings) or connect tens or hundreds of computers to a single segment, network performance accessing the file servers quickly becomes intolerable.
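The carrier-sense, collision-detection and random-retransmission procedure described above, as an added simulation that is not from the book. Time runs in slots; the frame length in slots, the station names and the traffic are constructed values, while the 16-attempt limit and the cap on doubling the backoff range follow Ethernet's backoff rule.

```python
"""Slotted CSMA/CD simulation: listen before sending, detect collisions, back off.

Added example (not the book's code). Time is counted in slots; a frame occupies
FRAME_SLOTS slots on the shared medium, and a collision wastes one slot. A
station that collides picks a random wait of 0..2^k-1 slots, k growing with
each attempt (truncated binary exponential backoff, as Ethernet does), so the
two colliding stations are unlikely to collide again. All values are constructed.
"""
import random

FRAME_SLOTS = 4    # constructed: slots one frame occupies on the medium
MAX_ATTEMPTS = 16  # Ethernet discards a frame after 16 failed attempts
BACKOFF_CAP = 10   # the backoff range stops doubling after 10 attempts


class Station:
    def __init__(self, name, frames):
        self.name = name
        self.pending = frames   # frames still waiting to be sent
        self.attempts = 0       # failed attempts for the frame at the head of the queue
        self.wait_until = 0     # first slot at which the station may try again
        self.collisions = 0
        self.delivered = 0

    def backoff(self, rng):
        """Random wait after a collision; the range doubles with each attempt."""
        self.attempts += 1
        if self.attempts > MAX_ATTEMPTS:
            raise RuntimeError(f"{self.name}: frame discarded after {MAX_ATTEMPTS} attempts")
        k = min(self.attempts, BACKOFF_CAP)
        return rng.randrange(2 ** k)


def simulate(stations, rng, max_slots=100_000):
    """Run until every station has sent its frames; return the medium's event log.

    Each log entry is (slot, kind, who): kind is "send" (one station held the
    medium for FRAME_SLOTS slots) or "collision" (several started at once).
    Carrier sense is implicit: the clock jumps past a frame in progress, so no
    station can start while the medium is busy.
    """
    log = []
    slot = 0
    while slot < max_slots and any(s.pending for s in stations):
        ready = [s for s in stations if s.pending and s.wait_until <= slot]
        if not ready:
            slot += 1                       # medium idle, nobody ready
            continue
        if len(ready) == 1:
            s = ready[0]                    # only one sender: the frame gets through
            log.append((slot, "send", s.name))
            s.pending -= 1
            s.delivered += 1
            s.attempts = 0
            slot += FRAME_SLOTS
        else:                               # two or more started together: collision
            log.append((slot, "collision", tuple(s.name for s in ready)))
            slot += 1                       # the jammed slot is wasted
            for s in ready:
                s.collisions += 1
                s.wait_until = slot + s.backoff(rng)
    return log


def medium_never_overlapped(log):
    """Check the log: no event starts while a previous send or collision is in progress."""
    busy_until = 0
    for slot, kind, _ in log:
        if slot < busy_until:
            return False
        busy_until = slot + (FRAME_SLOTS if kind == "send" else 1)
    return True


def run_demo(seed=1, frames_each=3):
    """Two stations that both have traffic at slot 0, so the first slot collides."""
    rng = random.Random(seed)
    stations = [Station("A", frames_each), Station("B", frames_each)]
    log = simulate(stations, rng)
    return stations, log


if __name__ == "__main__":
    stations, log = run_demo()
    for entry in log:
        print(entry)
    for s in stations:
        print(f"{s.name}: delivered={s.delivered} collisions={s.collisions}")
```

Running it shows the pattern the text describes: the first slot is a collision, the random backoff separates the two stations, and every frame is eventually delivered without two transmissions overlapping on the medium. Raising the number of stations makes the collision count climb, which is the load-dependent behaviour that motivates switches and gigabit links later in the chapter.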
Gigabit Ethernet solves that problem, offering full-duplex Ethernet operation on your existing unshielded twisted-pair wiring at 1,000 Mbps. Table 12-3 shows the variants of Gigabit Ethernet:

Table 12-3 Gigabit Ethernet Variants

Designation    Media                                                  Distance
1000Base-SX    Multimode optical fiber (850 nm)                       500 m
1000Base-LX    Multimode and single mode optical fiber (1300 nm)      500 m to 2 km
1000Base-CX    Short-haul copper (“twinax” shielded twisted-pair)     25 m
1000Base-T     Long-haul copper over unshielded twisted-pair          25 to 100 m

The compatibility with existing wiring simplifies deployment, although distance limitations may be a factor. The first uses of gigabit Ethernet were to connect servers to networks and to interconnect switches as the network backbone. High-performance applications such as video editing are driving gigabit Ethernet out towards individual computers. The need for gigabit Ethernet isn’t speculation. A high-performance server can, today, generate sustained network traffic in the 300 Mbps and up range, so a highly loaded backbone with several servers will benefit from the performance boost. You could see performance gains in the home or small office too — for example, a 10GB video file that takes about 20 minutes to transfer between computers over 100 Mbps Ethernet would take only a minute and a half over gigabit Ethernet.

Ethernet adapters are one of the products that we’re picky about. Networks are difficult enough to set up and keep running reliably; you don’t need extra excitement on that front. We’ve found adapters from 3Com, Linksys, and NETGEAR dependable, as well as adapters built into the Intel motherboards, and have the scars to prove that less expensive isn’t always better. We’ve thrown away a network card that was a solid piece of hardware, for example, because it had an admittedly buggy driver that the vendor never fixed.
We recommend using motherboards with built-in Ethernet adapters, such as that on the Intel D875PBZ motherboard (Figure 12-3). Otherwise, 10/100/1000Base-T adapters — stay with the top manufacturers — are a commodity you can buy based on price and availability. Either way, market price pressures have driven the adapters to be integrated into little more than a single chip.

Figure 12-3: 10/100/1000Base-T Ethernet adapter built into the Intel D875PBZ motherboard ©2004 Barry Press & Marcia Press (labels: Ethernet RJ-45 connector; USB 2.0 connectors)

Gigabit Ethernet is new enough that it’s particularly important to use adapters (and other network components) from first-line manufacturers.

Wireless transmission

Wireless networks use radio or light waves to communicate between stations. The frequencies for radio-based networks vary based on national licensing. Systems in the United States often use bands designated by the Federal Communications Commission for “unlicensed” operation, meaning that, after the manufacturer has qualified the equipment, the operator doesn’t need special training or licensing. Optical systems often use infrared frequencies (light waves just below the visible spectrum). Some of the key characteristics are:

✦ Range — Radio systems have ranges up to tens of miles. Infrared systems are typically limited to a few hundred feet.

✦ Blockage — Radio waves penetrate walls and floors with varying degrees of success. Light waves require a direct line of sight between the transmitter and receiver.

✦ Data rate — Radio systems don’t always carry the usual 10 Mbps Ethernet rate, particularly at longer ranges. Radio data rates vary from 1 Mbps to hundreds of megabits per second, with the most common variants running between 1 and 54 Mbps. Short-range infrared systems tend to operate at speeds of 10 to 100 Kbps, although some operate as fast as 4 Mbps.
Wireless networks can operate with point-to-point topologies, like twisted-pair networks, or with shared access, like coaxial-cable networks. Optical wireless and many radio wireless networks use a central node, called a base station, which corresponds to a wiring hub in a 10/100Base-T network. Transmissions between computers go through the base station and are retransmitted after reception if the destination is also on the wireless network. (Base stations are commonly attached to a wired network as well, giving the mobile units access to the wider network.) Networks organized with a base station generally transmit out of the base station on one frequency and receive on another; the computers reverse the frequency assignments. Radio networks without a base station let all units transmit on the same frequency.

In either scheme, wireless networks require a method for collision detection. The carrier sense/collision detection approach used in Ethernet doesn’t work well on wireless networks because of the time delay between the start of the transmission and when the receiver notices the carrier. The relatively long latency while the receiver locks up on the signal creates too long a window in which a second transmitter might start operations and step on the transmissions of the first one. That’s why many wireless networks use an access scheme that positively identifies the next station allowed to transmit.

Some radio networks use spread spectrum technology to isolate transmissions from one another. Spread spectrum transmission is inherently noise-resistant. There are two forms of spread spectrum: frequency hopping and direct sequence.

✦ A frequency hopper divides the overall allocated spectrum into many small bands, transmitting for only a brief moment in one before hopping to the next. The hops are made in a predetermined sequence.
Frequency hoppers resist interference and jamming by either avoiding the noisy channels or dwelling in them for a very short time.

✦ The second form of spread spectrum, direct sequence, enables all the transmitted signals to use the entire allocated band at once. The greater the ratio of the available channel bandwidth to the data rate, the more interference- and jamming-resistant the signal will be.

The advantages that wireless networks have over wired ones are mobility and not having to run wires (not as silly as it sounds). In addition to being able to move around — useful if you’re taking inventory in a warehouse, for example — a wireless connection can solve the problem of linking networks that have physical barriers between them. Point-to-point wireless links can solve the problem of how to cross roads and railways between building networks, or of how to cross parts of a town without the expense of a leased telephone line. Multidrop wireless networks can simplify linking stations on several floors of the same building when it’s impractical to run wires between the networks. Wireless networks are generally more expensive than their wired equivalents, so you want to use them only where mobility or access is an issue.

IEEE specification 802.11 standardizes the most common wireless LAN technologies. There are three variants, IEEE 802.11b, 802.11a, and 802.11g.

✦ IEEE 802.11b — Also known as WiFi (for Wireless Fidelity), IEEE 802.11b networks run at rates from 1 to 11 Mbps over relatively short ranges. You can run a WiFi network in ad hoc mode, in which two computers talk directly among themselves, or in infrastructure mode, in which the computers talk through a central wireless access point (Figure 12-4). Access points are commonly packaged with routers to create a device that interfaces both the wireless network and a LAN together and to an external Internet connection.
IEEE 802.11b networks operate at 2.4 GHz frequencies, a band shared by wireless telephones, Bluetooth networks, and a variety of other equipment. IEEE 802.11b network installations have grown explosively in recent years, and the equipment has become quite inexpensive.

Figure 12-4: Wireless LAN modes (panels: Infrastructure mode; Ad hoc mode; To wired LAN)

Sharing Frequencies with Spread Spectrum

There’s an interesting operation computers do on numbers, called “exclusive or” or “XOR.” The XOR operation is interesting because if you do it twice, you get back your original number. For instance, if we compute 11001010 XOR 11111111 we get 00110101. All the bits in the initial number have flipped. If we repeat the operation on the result and do 00110101 XOR 11111111 we get 11001010 again.

Now, suppose we take two digital signals: one a real data stream and one a much faster stream of random numbers. If we XOR the two streams together, we pretty much get garbage out, but we can throw away the garbage and get back the data stream if we repeat the XOR using the exact same random number sequence. In a nutshell, that’s what direct sequence spread spectrum does. It combines your data with a fast random number stream in the modulator and extracts it back out from the random numbers in the demodulator. Of course, if you followed that as well as we did the first time someone waved the idea at us, you’ve got a blank look and you’re thinking “So what?” (or worse) about now.

Here’s why this is really good. The frequency spectrum a signal takes up is proportional to how fast the data goes. Double the data rate, and (everything else being the same) you double the spectrum. If you keep the power level the same, the power at any specific frequency is less because the total power is being divided over a greater range of frequencies.
In the transmitter, having the modulator mix the data with the random numbers widens the spectrum of the transmitted result (because we use a fast random number stream). Now, watch what happens in the receiver. You mix the random numbers back in with the received signal, and two things happen: First, the actual signal gets contracted back from its wideband spectrum to the narrower one needed for the actual (slower) data rate. Second, the random number mix spreads out any noise signals that the receiver happened to pick up. Unless they contain just the right random number sequence (which they don’t), the mixing operation works just like spreading data in the transmitter. The power of the data signal gets collected back into a narrow range, and the power of the noise gets spread out into a wide range. Signal power goes up and noise power goes down.

The best part of this is that lots of us can talk in the channel at the same time. Your transmitter and receiver use a different random number sequence than ours. Because we use a different sequence, my receiver doesn’t despread your transmission; it stays spread out, so it remains low power noise. We simply don’t hear you.

✦ IEEE 802.11a — You won’t get the full (raw) data rate from a wireless network, which means IEEE 802.11b wireless LANs (WLANs) are relatively slow. They’re fast enough for surfing the Internet, but terrible for file transfers and other operations on a LAN. Engineers developed IEEE 802.11a in response, a WLAN specification running in the 5.6 GHz frequency band and operating at 54 Mbps. IEEE 802.11a equipment never dropped in price enough for the standard to be used widely because of the challenges its higher frequency band presented, and has now been eclipsed by the IEEE 802.11g standard.
✦ IEEE 802.11g — If you imagine (functionally) a hybrid with IEEE 802.11b frequencies (so it’s cheaper) and IEEE 802.11a speed, you have the idea for IEEE 802.11g, which runs in the 2.4 GHz band at speeds up to 54 Mbps. Standardized equipment only first appeared in 2003, but it entered the market at the then-current prices for IEEE 802.11b gear (which immediately dropped in price). IEEE 802.11g runs at full speed in pure IEEE 802.11g WLANs, or can throttle back somewhat to operate compatibly in IEEE 802.11b WLANs.

Unfortunately, the IEEE 802.11 designers were not experienced cryptologists, and they inadvertently produced a system that was by default easily penetrated and — even using what’s called Wired Equivalent Privacy (WEP) — relatively insecure. It’s been demonstrated that, with the right equipment and software, you can monitor WEP-encrypted WiFi traffic and recreate the encryption key. After you have the key, the network might as well have no security because you’ll be able to use the network just as if you were authorized to use it. Worse yet (or better, depending on which side you’re on), the more traffic on your network, the easier it is to penetrate, and you can penetrate a WEP network anonymously.

IEEE 802.11g equipment offers WiFi Protected Access (WPA), a newer, stronger security technology. WPA is itself a subset of the yet more capable IEEE 802.1x security standard. Even if your equipment doesn’t support WPA or IEEE 802.1x, however, you can (at the price of some one-time aggravation) make a WiFi network more secure. Here’s what you should do:

✦ Disable broadcast SSID — WiFi WLANs identify themselves with a service set identifier (SSID), which names the network and works (loosely) like a password. Unfortunately, most wireless access points transmit their SSIDs by default, which is pretty much like standing in the street and shouting your bank card PIN.
Unless you have equipment that requires the access point to broadcast the SSID, turn this feature off. If you do leave it on, change the SSID to something other than the default.

✦ Turn on WEP, and use 128-bit keys — You shouldn’t rely on WEP to be absolutely secure, but the cracker next door isn’t likely to have the tools, systems, or know-how to break it. WEP is a lot better than nothing (unless you’re using 64-bit keys, which are far weaker than 128-bit keys).

[...]

Chapter 13 ✦ Hubs, Switches, Routers, and Firewalls 207

Table 13-1 Private TCP/IP Network Addresses

Subnet Address   First Node Address   Last Node Address
10.0.0.0         10.0.0.1             10.255.255.254
172.16.0.0       172.16.0.1           172.31.255.254
192.168.0.0      192.168.0.1          192.168.255.254

A pure NAT implementation rejects all unsolicited incoming messages because it doesn’t know which PC is the intended destination. That’s the ...

[...]

 0   161.58.180.113   win10115.iad.dn.net
 1   161.58.176.129                                             0
 2   161.58.156.140                                             0
 3   129.250.26.206   ae0-3.r02.stngva01.us.da.verio.net        0
 4   129.250.5.34     p16-0-1-1.r21.dllstx01.us.bb.verio.net    31
 5   129.250.28.164   ge-1-0-0.a10.dllstx01.us.ra.verio.net     31
 6   129.250.31.44    ge-1-1.a00.dllstx04.us.ra.verio.net       31
 7   157.238.228.38   ...

[...]

Figure 13-5: Adding a file and print server (labels: File and print server; Client computers)

The advantage of setting up a server — even on a home network — is that it keeps the resources you use available no matter what’s happening on any other client PC. Your brother can be crashing his PC hourly, and no matter what other PC you’re using, you need not care what he’s doing, because your ...
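The “Sharing Frequencies with Spread Spectrum” sidebar above, in working form, as an added example that is not the book’s code. It keeps the sidebar’s XOR illustration and then shows the spreading, despreading and “we simply don’t hear you” effects in the bipolar arithmetic a modulator actually uses. One assumption is labelled in the code: the chip sequences are Walsh/Hadamard rows (exactly orthogonal) rather than the long pseudo-random codes the sidebar describes, so the numbers come out exactly; the data bits and the interferer level are constructed.

```python
"""Direct sequence spread spectrum in miniature (added example, not the book's code).

The sidebar describes spreading as XOR with a fast "random number" stream and
despreading as XOR with the same stream. In the bipolar form a modulator uses,
bit 0 -> +1 and bit 1 -> -1, a chip sequence is a vector of +1/-1, XOR becomes
multiplication, and "XOR again" becomes correlating the received chips with the
code. Assumption: Walsh/Hadamard rows serve as chip sequences instead of long
pseudo-random codes; they are exactly orthogonal, so a receiver using a
different code sees exactly zero, and a constant-level interferer also sums to
zero. All data bits and the interferer level are constructed.
"""


def xor_bits(a, b):
    """The sidebar's bit example: XOR twice with the same mask restores the input."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def hadamard(n):
    """Sylvester construction of an n x n Hadamard matrix (n a power of two);
    its rows are mutually orthogonal +-1 chip sequences."""
    h = [[1]]
    while len(h) < n:
        h = [row + row for row in h] + [row + [-c for c in row] for row in h]
    return h


def spread(bits, chips):
    """Modulator: each data bit becomes len(chips) chips (bit 0 -> +code, 1 -> -code),
    the bipolar equivalent of XORing the bit with the chip stream."""
    out = []
    for bit in bits:
        sign = -1 if bit else 1
        out.extend(sign * c for c in chips)
    return out


def correlate(samples, chips):
    """Demodulator: multiply each chip period by the code and sum the result.
    The wanted signal collapses to +-len(chips); anything not carrying this
    code stays spread and averages towards zero."""
    n = len(chips)
    return [sum(s * c for s, c in zip(samples[i:i + n], chips))
            for i in range(0, len(samples), n)]


def decide(correlations):
    """Hard decision: positive correlation -> bit 0, negative -> bit 1."""
    return [0 if v > 0 else 1 for v in correlations]


def add_streams(*streams):
    """The air interface simply adds whatever is transmitting at the same time."""
    return [sum(values) for values in zip(*streams)]


H8 = hadamard(8)
CODE_A, CODE_B = H8[3], H8[5]          # two users, two orthogonal codes
BITS_A = [1, 0, 1, 1, 0, 0, 1, 0]      # constructed data for user A
BITS_B = [0, 0, 1, 0, 1, 1, 0, 1]      # constructed data for user B


def on_air(interferer=2.5):
    """Both users transmitting at once, plus a constant-level narrowband interferer."""
    return add_streams(spread(BITS_A, CODE_A),
                       spread(BITS_B, CODE_B),
                       [interferer] * (len(BITS_A) * len(CODE_A)))


if __name__ == "__main__":
    rx = on_air()
    print("A's receiver:", decide(correlate(rx, CODE_A)))   # recovers BITS_A
    print("B's receiver:", decide(correlate(rx, CODE_B)))   # recovers BITS_B
    print("A's signal through B's code:", correlate(spread(BITS_A, CODE_A), CODE_B))
```

Each receiver recovers its own user’s bits with a correlation of plus or minus 8 (the code length) per bit, the other user’s transmission contributes exactly zero, and the interferer, which is constant across a chip period, is spread out to zero by the same multiplication that collapses the wanted signal. With real pseudo-random codes the cross terms are small rather than exactly zero, which is why longer codes give more jamming resistance, as the direct-sequence bullet above states.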
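The WiFi checklist above (disable SSID broadcast, change the default SSID, prefer WPA and otherwise WEP with 128-bit keys), turned into a configuration check, as an added example that is not from the book. The settings dictionaries, their key names and the list of factory SSIDs are assumptions constructed for illustration; a real check would read the values from the access point’s configuration page or export.

```python
"""Check wireless access point settings against the chapter's hardening list
(added example, not from the book). The settings dictionaries, key names and the
factory SSID list are constructed for illustration.
"""

# Constructed list of names that ship as factory SSIDs; extend it for your gear.
FACTORY_SSIDS = {"default", "wireless", "linksys", "netgear"}

# Stronger options rank higher, in the chapter's order of preference.
ENCRYPTION_RANK = {"none": 0, "wep-64": 1, "wep-128": 2, "wpa": 3}


def audit(settings):
    """Return a list of findings; an empty list means the checklist is satisfied."""
    findings = []
    if settings.get("ssid_broadcast", True):
        findings.append("SSID broadcast is on: turn it off unless a client requires it")
    if settings.get("ssid", "").strip().lower() in FACTORY_SSIDS:
        findings.append("SSID is a factory default: change it")
    enc = settings.get("encryption", "none")
    if enc not in ENCRYPTION_RANK:
        findings.append(f"unknown encryption setting {enc!r}: verify it by hand")
    elif ENCRYPTION_RANK[enc] < ENCRYPTION_RANK["wep-128"]:
        findings.append(f"encryption is {enc}: use WPA if supported, otherwise WEP with 128-bit keys")
    elif enc == "wep-128" and settings.get("wpa_supported", False):
        findings.append("WEP-128 in use but the equipment supports WPA: switch to WPA")
    return findings


# Constructed: a factory-fresh access point next to the same unit after hardening,
# once for gear that only does WEP and once for gear that supports WPA.
WEAK = {"ssid": "linksys", "ssid_broadcast": True,
        "encryption": "none", "wpa_supported": False}
HARDENED_WEP = {"ssid": "attic-lab-7", "ssid_broadcast": False,
                "encryption": "wep-128", "wpa_supported": False}
HARDENED_WPA = {"ssid": "attic-lab-7", "ssid_broadcast": False,
                "encryption": "wpa", "wpa_supported": True}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened, WEP-only gear", HARDENED_WEP),
                       ("hardened, WPA gear", HARDENED_WPA)):
        print(f"{label}: {audit(cfg) or ['ok']}")
```

The weak configuration produces one finding per checklist item; the two hardened ones produce none. The WPA check is deliberately conditional on what the hardware supports, matching the text’s advice that WEP with 128-bit keys is the fallback, not the goal, when the equipment can do WPA.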
... wireless access device connecting to a PC with USB is inexpensive, but connects only one PC unless you then route out through the PC to the LAN. That takes a little work (see the next chapter) and can prevent PCs on your other LANs from seeing the computers on the other side of the wirelessly connected PC. You can do the job easily with the Xbox wireless adapter, and without any routing issues, because ...

[...]

... access video from the home surveillance system on your PC. Chapter 23 shows you how to set up the surveillance, and the sidebar “Cable/DSL Router Security and TrackerCam” shows you how to forward selected incoming messages from the Internet to one specific PC.

Standalone firewalls

Packet filters and NAT reject incoming attacks, so they protect you from worms and keep people from connecting to your shared disk ...

[...]

... all the subsets (isp.net and net in this case) are domain names, too.

Network Security and Firewalls

The analogy between the Internet and the real world is remarkably complete — there are many good people in both, and enough losers to make both the Internet and the real world places to be careful. As in the real world, though, attacks and threats on the Internet don’t just occur randomly — they happen in ...

[...]

... responses to requests from your PC, but do it with a very different approach called Network Address Translation (NAT). The original impetus for the development of NAT was the problem of sharing a single Internet IP address among several PCs. NAT maps normal network messages on your LAN, using individual IP addresses and standard port numbers on all your PCs, to a single IP address and a large number of otherwise ...
[...]

... he’s doing, because your e-mail files and the printer are accessible through the server. So long as no one sits down at the server and starts using it directly as a PC, it should stay stable and reliable. Better yet, you can load the server up with huge disks and use that storage from any PC on your network.

Routers

There comes a point when it’s neither practical nor ...

[...]

... vulnerable your data and systems are to accidental or malicious damage (or theft).

✦ Scalability — Networks grow, and you’ll want to be able to accommodate growth without having to rip all your equipment out and start over. You’ll need to think about connecting more users, more sites, more storage, and more capacity.

[...]

✦ Securing your network with packet filters and firewalls

[...]

... through that hierarchy, you’ll understand there’s a consistency to them that makes working with networks straightforward.

✦ Examining networking protocols and plumbing
✦ Understanding IP, DNS, and the networking alphabet soup
✦ Configuring file and printer sharing

Network Protocols

Computers talk to one another only in very structured ways. A computer has to identify itself and carry on a “conversation” with ...