NetworkingBasics

Basic Networking Information with TCP/IP

This page intends to provide a basic rundown on the structure and operation of TCP/IP networks, including IP addresses, what they mean, how they are used, and so forth. It doesn't go in depth on a lot of topics, but I'm just aiming to provide an overview here. (Feel free to edit it if you want to add detail or correct something that I've missed.)

Since I transcoded this from my web page's HTML, it's missing a lot of links and suchlike. Oh well.

NB: if you see something like (*1) it's my way of doing footnotes.


IP Addresses and Subnets

Let's start with a basic fact. Every computer on a network (called a host) has an IP Address. This is akin to a phone number: no two connected hosts can have the same one (*1), or else confusion would result. The IP address (or simply IP) is in the form of four numbers, ranging from 0 to 255 (*2), separated by periods:

aaa.bbb.ccc.ddd


*1 As a general rule, this is true; NAT is an exception. Look for my NAT information page hopefully coming soon.
*2 There are some numbers with special meaning, so it's more like 1 through 254. But the idea is there. Just be aware of this - only use 192.168.*.* for private networks, and don't connect those addresses to the 'net at large. You shouldn't have to assign your own IP manually, and if you do, you hopefully know what you're doing (and wouldn't be here). Check out the "More on IP Addresses" section below.


Separate computers can communicate by directly "talking" to one another, as long as they are on the same subnet. This is determined by the subnet mask, which is stored along with the IP and has the same form, except the last several numbers are normally 0. While entire volumes have been written on the topic of IP subnetting, I'll just present a simplified version. In order to determine what subnet a host is on, take the IP and check it against the subnet mask. Wherever the mask's number is 0, the subnet also has a 0, like so:

IP Address      123.123.123.123
Subnet Mask     255.255.0.0
Host's Subnet   123.123.0.0


In effect, the subnet mask and the IP address are used as inputs to an "and" operation. This makes sense if you treat each part of the IP and of the mask as an 8-bit binary number: wherever both have a 1 bit, the subnet address has a 1 bit there, and everywhere else it has a 0. (Then, go back to decimal, of course.)

So, this computer could communicate with any other computer on the 123.123.0.0 subnet, meaning any computer with an IP 123.123.x.x and mask 255.255.0.0. Computers directly connected via a hub or switch are generally on the same subnet, in order to facilitate efficient communication.

As an aside, I use the term packet fairly frequently. Basically, a packet is a small unit of information that has a sender's address, a recipient's address, and contains some data. The sender will split up large data sets into a bunch of small packets, and the stream will include information so the receiver can re-assemble them in the correct order.

Gateways and Routing

If a computer wants to connect to another host which is on a different subnet, and can determine this fact by looking at the subnet mask, it sends the packet to a gateway, which is a specific type of router. (Along with the IP and subnet mask, a computer needs a default gateway set in order to talk to hosts not on its subnet.) This device is connected to two separate networks at once, and facilitates communication between the two. A gateway can take packets from the local network and either directly send them to a host on another connected network, or to another gateway which can do the same. The Internet is a series of networks interconnected with routers, so a packet from one host gets passed through a series of routers before it reaches its destination, and the reply is passed back along in the same manner.
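The subnet "and" operation and the gateway decision described above, as an added example that is not part of the original page. The function names, the gateway address 123.123.0.1 and the destination addresses are constructed for illustration; the second mask (255.255.240.0) goes beyond the page's byte-aligned case to show why the comparison has to be done bit by bit.

```python
# Added example: names and sample addresses are constructed for illustration.

def to_int(dotted):
    """Convert a dotted quad such as '123.123.123.123' to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet          # append 8 more bits
    return value

def to_dotted(value):
    """Convert a 32-bit integer back to dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def subnet_of(ip, mask):
    """Bitwise AND of address and mask gives the subnet address."""
    return to_dotted(to_int(ip) & to_int(mask))

def next_hop(src_ip, mask, gateway, dst_ip):
    """Return the address the sender hands the packet to first.

    Same subnet: deliver directly to the destination.
    Different subnet: hand the packet to the default gateway.
    """
    if subnet_of(src_ip, mask) == subnet_of(dst_ip, mask):
        return dst_ip
    return gateway

if __name__ == "__main__":
    # The page's own example: 123.123.123.123 with mask 255.255.0.0
    print(subnet_of("123.123.123.123", "255.255.0.0"))
    # A mask that does not fall on a byte boundary: 37 AND 240 = 32
    print(subnet_of("192.168.37.9", "255.255.240.0"))
    for dst in ("123.123.7.9", "124.1.2.3"):
        hop = next_hop("123.123.123.123", "255.255.0.0", "123.123.0.1", dst)
        print(dst, "->", "direct" if hop == dst else f"via gateway {hop}")
```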

Along with the IP address, the TCP/IP protocol (which defines the format of IP addresses, and the packets which are exchanged) specifies that a host has a number of different ports from which connections can originate and which remote hosts can connect to. Each host has ports numbered from 1 through 65536, and incoming connections specify a destination port along with the IP. Ports are usually written with IP addresses in the format IP:port, like so:

123.123.123.123:5678

A server running on a computer usually runs on a standard port. For example, HTTP, or web browsing, runs on port 80, so a web browser knows to send requests to that port in order to retrieve a page.


More on IP Addresses

An "IP Address" is a unique reference to a networking device. The format and mechanisms are defined by the TCP/IP standard, which is maintained by the Internet Engineering Task Force. The TCP standard was first described in 1981 with RFC 793, for use on the ARPAnet.

The format of an IP address is a "dotted quad", which simply means four numbers concatenated by periods in the form:

a.b.c.d

For simplicity's sake, each number a-d is represented by one byte. This means that the valid range of numbers is 0 through 255. However, further RFCs specify a number of reserved IP addresses. Some of these are:

192.168.*.* - private addresses, meaning they are not directly connected to the internet without some form of NAT
10.*.*.* - same as above
any address ending in ".0", ".0.0", or ".0.0.0" - this defines a subnet and therefore is illegal for a host to use

In addition, no part of an IP address can be 255, as this is defined as the "broadcast" address and all hosts on the corresponding subnet will answer to it.

Each network adapter in a computer must have its own IP address. No two computers on the same network can have the same IP address. The only exception to this rule is for the private addresses as mentioned above. Network Address Translation, or NAT, is often used in homes and small businesses to connect multiple computers to one internet connection. This is necessary because Internet Service Providers (ISPs) generally only allocate one IP address per cable or DSL connection (multiple IPs cost extra).

Why not just plug more computers in, and set your own IP addresses? Because each computer on the internet is, logically, connected to every other one, and it's impossible to know if another computer is (or will be) using that IP. Address space is regulated by ICANN, the Internet Commission for Assigned Names and Numbers. ISPs are given a block of addresses that they can use for subscribers (and organizations such as universities are also given large blocks, but they ultimately get them through ISPs.) In addition, packets would most likely not be routed correctly, due to the way the ISP uses subnetting. NAT provides a workaround, so that an unlimited number of computers can be connected through one IP address, but raises its own set of problems. (Personally, I believe NAT to be a regrettably necessary evil, at least until the switch to IPv6, or ISPs get their heads out of their asses.) I once came across the following as a message of the day on an IRC server, and I agree with it:

- Second, we get overwhelmed by requests to add special access for
- LAN parties and small businesses running NAT (for the
- illiterate, if your IP address starts with 192.168. or 10., you are
- probably running NAT -- and your personal freedom is severely
- restricted).
-
- Please understand; our answer will always be NO. It always has
- been, and it always will be. I will try to put this in simple
- terms; NAT (Network Address Translation) and similar "technologies"
- (masquerading, etc) are detrimental to the Public Internet.
-
- NAT destroys the end-to-end transparency of the Internet. If you
- do not understand this or the ramifications of this, please READ
- UP ON IT and make up your mind. It is a short-term, detrimental
- solution to a long-term problem which is most easily solved by
- USING UP ALL AVAILABLE IPV4 ADDRESSES AS SOON AS POSSIBLE to force
- a transition to IPv6.

This brings us to the next topic. IPs, as described above, have a limited number of available addresses. Although this number is quite large (254^4, or 4,162,314,256, minus the reserved ones), given the current rate of growth we may very well come close to having that many hosts on the 'Net. This is where IPv6 comes in. Instead of four 1-byte numbers, IPv6 builds on that to include 16 bytes worth of address information. IPv6 addresses can be written in the form:

a:b:c:d:e:f:g:h

where each letter represents four hexadecimal digits (each hex digit represents four bits, so each letter above represents two bytes). Read RFC 2373 for more information on IPv6.


Ports and Their Functions

Ports are a way for a host to carry on a large number of concurrent TCP/IP "conversations" at once. Every host has 65536 (=2^16) ports on a given network interface. Each packet sent between two hosts has, in addition to a source and destination IP address, source and destination port numbers. Services running on the host often "listen" on a given port for incoming connections, and there are standard ports for specific services. A partial list follows:

21: ftp (file transfer protocol)
22: ssh (secure remote login)
23: telnet (insecure remote login)
80: http (web pages)
110: pop3 (email)
443: https (secure web pages)
5900: VNC (remote GUI login)
6881-6999: bittorrent

The general trend is that important system services run on ports lower than 1024. In fact, a program must be run with administrative privileges in order to listen on a low port. (*1) However, any program can listen on a higher port number. Connections also traditionally originate from a randomly assigned high numbered port.


*1 This is only partially true on Windows platforms. But then again, Windows is often incapable of doing anything according to reason or convention, so I would expect no less from it.


Use of the "netstat" command on both Windows and Linux platforms gives a listing of current connections, including source, destination, and ports. Also, on Linux platforms, /etc/services contains a list of services and their associated port numbers.
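One way to review which ports a host is listening on, as an added example that is not part of the original page. It reads Linux-style netstat output (the sample lines are constructed), names each listening port using the partial list above, and notes low ports, listeners reachable from other hosts, and the telnet port this page labels insecure.

```python
# Added example: the netstat output below is constructed sample data.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6881            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:51234          10.0.0.9:80             ESTABLISHED
"""

# Partial port list taken from this page.
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http",
            110: "pop3", 443: "https", 5900: "VNC"}
LOOPBACK = ("127.0.0.1", "::1")   # only reachable from the host itself

def service_name(port):
    """Map a port number to the service name used on this page."""
    if 6881 <= port <= 6999:
        return "bittorrent"
    return SERVICES.get(port, "unknown")

def listeners(netstat_text):
    """Return (address, port, service, notes) for each listening TCP socket."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header, non-TCP rows and sockets that are not listening.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # Split on the last colon so IPv6 local addresses also parse.
        address, _, port_text = fields[3].rpartition(":")
        port = int(port_text)
        notes = []
        if port < 1024:
            notes.append("low port")
        if address not in LOOPBACK:
            notes.append("reachable from network")
        if port == 23:
            notes.append("insecure remote login")
        found.append((address, port, service_name(port), notes))
    return found

if __name__ == "__main__":
    for address, port, service, notes in listeners(SAMPLE):
        print(f"{address}:{port:<6}{service:<11}{', '.join(notes)}")
```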

This article is ©2008 by the respective authors. Reproduction is prohibited without express permission from all contributors.