MANAGING TCP/IP NETWORKS

Managing TCP/IP Networks: Techniques, Tools and Security Considerations. Gilbert Held
Copyright © 2000 John Wiley & Sons Ltd
Print ISBN 0-471-80003-1 Online ISBN 0-470-84156-7

MANAGING TCP/IP NETWORKS: TECHNIQUES, TOOLS, AND SECURITY CONSIDERATIONS
Gilbert Held
4 Degree Consulting
Macon, Georgia, USA

JOHN WILEY & SONS, LTD
Chichester . New York . Weinheim . Brisbane . Singapore . Toronto

Copyright © 2000 by John Wiley & Sons Ltd
Baffins Lane, Chichester, West Sussex, PO19 1UD, England
National 01243 779777
International (+44) 1234 779777
e-mail (for orders and customer service enquiries): cs-books@wiley.co.uk
Visit our Home Page on http://www.wiley.co.uk or http://www.wiley.com

All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency, 90 Tottenham Court Road, London, UK W1P 9HE, UK, without the permission in writing of the Publisher, with the exception of any material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the publication.

Neither the authors nor John Wiley & Sons Ltd accept any responsibility or liability for loss or damage occasioned to any person or property through using the material, instructions, methods or ideas contained herein, or acting or refraining from acting as a result of such use. The authors and Publisher expressly disclaim all implied warranties, including merchantability of fitness for any particular purpose.
There will be no duty on the authors or Publisher to correct any errors or defects in the software.

Designations used by companies to distinguish their products are often claimed as trademarks. In all instances where John Wiley & Sons is aware of a claim, the product names appear in initial capital or capital letters. Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration.

Other Wiley Editorial Offices
John Wiley & Sons, Inc., 605 Third Avenue, New York, NY 10158-0012, USA
WILEY-VCH Verlag GmbH, Pappelallee 3, D-69469 Weinheim, Germany
Jacaranda Wiley Ltd, 33 Park Road, Milton, Queensland 4064, Australia
John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809
John Wiley & Sons (Canada) Ltd, 22 Worcester Road, Rexdale, Ontario, M9W 1L1, Canada

Library of Congress Cataloging-in-Publication Data
Held, Gilbert, 1943-
Managing TCP/IP networks: techniques, tools and security considerations/Gilbert Held.
p. cm.
ISBN 0-471-80003-1 (alk. paper)
1. TCP/IP (Computer network protocol) 2. Computer networks – Management. I. Title.
TK5105.585.H447 2000 99-44748
004.6'2 – dc21 CIP

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN 0 471 80003 1

Typeset in 10/12pt Bookman-Light by Dobbie Typesetting Limited
Printed and bound in Great Britain by Bookcraft (Bath) Ltd
This book is printed on acid-free paper responsibly manufactured from sustainable forestry, in which at least two trees are planted for each one used for paper production.

CONTENTS

Preface
Acknowledgments

1 Introduction
1.1 Rationale for network management
1.1.1 Cost of service interruptions
1.1.2 Size and complexity of networks
1.1.3 Performance monitoring
1.1.4 Coping with equipment sophistication
1.2 The network management process
1.2.1 The OSI framework for network management
  Configuration/change management
  Fault/problem management
  Performance/growth management
  Security/access management
  Accounting/cost management
1.2.2 Other network management functions
  Asset management
  Planning/support management
1.3 Tools and systems
1.3.1 Monitoring tools
1.3.2 Diagnostic tools
1.3.3 Computer-based management systems
1.4 Book preview
1.4.1 The TCP/IP protocol suite
1.4.2 The Internet Protocol
1.4.3 The transport protocols
1.4.4 DNS operations
1.4.5 Layer 2 management
1.4.6 Layer 3 and layer 4 management
1.4.7 SNMP and RMON
1.4.8 Management by utility program
1.4.9 Security management

2 The TCP/IP Protocol Suite
2.1 Evolution
2.2 Governing bodies
2.2.1 The IAB
2.2.2 The IANA
2.2.3 The IETF
2.2.4 RFCs
2.3 The ISO Reference Model
2.3.1 Layers of the OSI Reference Model
  Layer 1: The physical layer
  Layer 2: The data link layer
  Layer 3: The network layer
  Layer 4: The transport layer
  Layer 5: The session layer
  Layer 6: The presentation layer
  Layer 7: The application layer
2.3.2 Data flow
2.3.3 Layer subdivision
  Addressing
  Universally vs. locally administered addresses
2.4 The TCP/IP protocol suite
2.4.1 Comparison with the ISO Reference Model
  The network layer
  ICMP
  The transport layer
  TCP
  UDP
  Port numbers
2.4.2 Application data delivery

3 The Internet Protocol
3.1 The IPv4 header
3.1.1 Vers field
3.1.2 Hlen and Total Length fields
3.1.3 Type of Service field
3.1.4 Identification field
3.1.5 Flags field
3.1.6 Fragment Offset field
3.1.7 Time-to-Live field
3.1.8 Protocol field
3.1.9 Checksum field
3.1.10 Source and Destination Address fields
3.1.11 Options and Padding fields
3.2 IP addressing
3.2.1 Overview
3.2.2 IPv4
  The basic addressing scheme
  Address classes
  Address formats
  Address composition and notation
  Special IP addresses
  Class A
  Class B
  Class C
  Class D
  Class E
  Reserved addresses
  Subnetting and the subnet mask
  Host addresses on subnets
  The subnet mask
  Configuration examples
  Classless networking
3.3 The IPv6 header
3.3.1 Ver field
3.3.2 Priority field
3.3.3 Flow Label field
3.3.4 Payload Length field
3.3.5 Next Header field
3.3.6 Hop Limit field
3.3.7 Source and Destination Address fields
3.3.8 Address types
3.3.9 Address notation
3.3.10 Address allocation
  Provider-Based Unicast addresses
  Multicast address
3.3.11 Transporting IPv4 addresses
3.4 ICMP and ARP
3.4.1 ICMP
  ICMPv4
  Type field
  Code field
  ICMPv6
  Type field
  Code field
3.4.2 ARP
  Need for address resolution
  Operation
  Hardware Type field
  Protocol Type field
  Hardware Length field
  Protocol Length field
  Operation field
  Sender Hardware Address field
  Sender IP Address field
  Target Hardware Address field
  Target IP Address field
  ARP notes

4 The Transport Layer
4.1 TCP
4.1.1 The TCP header
  Source and Destination Port fields
  Port numbers
  Well-known ports
  Registered port numbers
  Dynamic port numbers
  Sequence Number field
  Acknowledgment Number field
  Hlen field
  Reserved field
  Code Bit fields
  URG bit
  ACK bit
  PSH bit
  RST bit
  SYN bit
  FIN bit
  Window field
  Checksum field
  Urgent Pointer field
  Options field
  Padding field
4.1.2 Operation
  Connection types
  The three-way handshake
  Segment size support
  The Window field and flow control
  Timers
  Delayed ACK
  FIN-WAIT-2 timer
  Persist
  Keep Alive
  Slow start and congestion avoidance
4.2 UDP
4.2.1 The UDP header
  Source and Destination Port fields
  Length field
  Checksum field
4.2.2 Operation

5 The Domain Name System
5.1 Evolution
5.1.1 The HOSTS.TXT file
5.2 DNS overview
5.2.1 The domain structure
5.2.2 DNS components
  Resource records
  Name servers
  Resolvers
  The resolution process
5.3 The DNS database
5.3.1 Overview
5.3.2 Resource records
5.3.3 Using a sample network
5.3.4 DNS software configuration
  The BOOT file
5.3.5 Using resource records
  SOA record
  NS records
  MX records
  A records
  CNAME records
  PTR records
  Loopback files
  All-zero/all-ones files
  For further resolution
5.3.6 Accessing a DNS database
  nslookup
  The Whois command

6 Layer 2 Management
6.1 Ethernet frame operations
6.1.1 Ethernet frame composition
  Preamble field
  Start-of-Frame Delimiter field
  Destination Address field
  I/G subfield
  U/L subfield
  Universal versus locally administered addressing
  Source Address field
  Type field
  Length field
  Data field
  Frame Check Sequence field
6.2 Ethernet media access control
6.2.1 Functions
6.2.2 Transmit media access management
6.2.3 Collision detection
  Jam pattern
  Wait time
  Late collisions
6.3 Ethernet Logical Link Control
6.3.1 The LLC protocol data unit
6.3.2 Types and classes of service
  Type 1
  Type 2
  Type 3
  Classes of service
6.4 Other Ethernet frame types
6.4.1 Ethernet_SNAP frame
6.4.2 NetWare Ethernet_802.3 frame
6.4.3 Receiver frame determination
6.5 Fast Ethernet
6.5.1 Start-of-Stream Delimiter
6.5.2 End-of-Stream Delimiter
6.6 Gigabit Ethernet
6.6.1 Carrier extension
6.6.2 Packet bursting
6.7 Token-Ring frame operations
6.7.1 Transmission formats
  Starting/ending delimiters
  Differential Manchester encoding
  Non-data symbols
  Access control field
  The monitor bit
  The active monitor
  Frame Control field
  Destination Address field
  Universally administered address
  Locally administered address
  Functional address indicator
  Address values
  Source Address field
  Routing Information field
  Information field
  Frame Check Sequence field
  Frame Status field
6.8 Token-Ring Medium Access Control
6.8.1 Vectors and subvectors
6.8.2 MAC control
  Purge frame
  Beacon frame
  Duplicate Address Test frame
6.8.3 Station insertion
6.9 Token-Ring Logical Link Control
6.9.1 Service Access Points
  DSAP
  SSAP
6.9.2 Types and classes of service
6.10 Summary

7 Layer 3 and Layer 4 Management
7.1 Using WebXRay
7.1.1 Overview
7.1.2 Operation
  Autodiscovery
  Service selection
  Topology discovery
  Hosts information
  Services information
  Traffic measuring
  Server Host Table
  Server–Client Matrix Table
  IP Host Table
  IP Matrix Table
  Protocol distribution
  Filtering and packet decoding
7.2 Using EtherPeek
7.2.1 Operation
  Packet capture
  Filtering
  Selective packet capture
  Packet decoding
7.2.2 Network statistics

8 SNMP and RMON
8.1 SNMP and RMON overview
8.1.1 Basic architecture
  Manager
  Agents
  Management Information Base
8.1.2 RMON
  Probes and agents
  MIBs
  Operation
  Evolution
8.2 The SNMP protocol
8.2.1 Basic SNMP commands
  GetRequest
  GetNextRequest
  SetRequest
  GetResponse
  Trap
8.2.2 SNMP version 2
  New features
  GetBulkRequest

[...]

... of the TCP/IP protocol suite needs to recognize the importance of those management tools and appropriately cover these areas of communications technology. With the focus of this book on managing TCP/IP networks, coverage of SNMP and RMON is an integral part. Another key area of TCP/IP network management is network security, which is also covered in this book. Recognizing that the size of TCP/IP networks...

... use of the Internet. Each of these rapidly growing areas of communications technology is based upon the TCP/IP protocol suite, which has exploded in use over the past decade. Accompanying this growth is the need to manage TCP/IP networks, which is the focus of this book. Because the management of TCP/IP networks requires detailed knowledge of the protocol suite, the first few chapters in this book are focused...

... be performed by firewalls

2 THE TCP/IP PROTOCOL SUITE

This chapter represents the first of four that have been included to provide you with an in-depth examination of the operation of key areas of the TCP/IP protocol suite. In this...

... capability that is used by academia, government agencies, businesses, and home computer users. Networks constructed using the TCP/IP protocol suite range in scope from a small hub-based local area network in a home office to the giant network of interconnected networks known as the Internet. As the use of the TCP/IP protocol suite proliferated, so did its support of a range of new applications that only...
postal services of different countries. This growth in the use of the TCP/IP protocol suite makes both individuals and organizations highly dependent upon the use of TCP/IP-based networks to perform their normal day-to-day tasks.

1.1.1 Cost of service interruptions

As a result of the previously described dependence upon the use of TCP/IP-based networks, interruptions or small abnormal situations can have serious...

... I experimented with different networking tools and techniques while working on this book

1 INTRODUCTION

In less than thirty years the TCP/IP protocol suite has evolved from a Department of Defense research initiative into a ubiquitous...

... to the use of the TCP/IP protocol suite, a protocol referred to as the Network Control Program (NCP) was employed. Soon limitations of NCP resulted in its replacement by the Transmission Control Program (TCP), which eventually formed the basis for the TCP/IP protocol suite. In fact, by 1983 all computers connected to the ARPAnet were restricted to using the TCP/IP protocol...

... upon the use of the TCP/IP protocol. These networks included the National Science Foundation network (NSFnet), New York State Educational Research Network (NYSERnet), California Educational Research Network (CERFnet), and the Southeastern University Research Association (SURAnet). Gradually, all of these networks were connected via the ARPAnet backbone to form a network of interconnected networks. By 1989,...
developed NAPs were conceived as locations where companies that constructed their own networks could interconnect such networks via the concept of public peering. Today thousands of Internet Service Providers (ISPs) connect their networks to NAPs operated by approximately 20 companies, with NAPs considered to represent backbone networks that span major geographical areas.

2.2 GOVERNING BODIES

Although the Internet...

... today's communications environment are the size and complexity of networks, their operating costs and performance, and the ability to learn enough information to take advantage of the sophistication of the protocol suite.

1.1.2 Size and complexity of networks

As the need for communications expanded, the size, complexity, and operating cost of networks increased in tandem. This was a driving force for the ...