WELCOME TO MY WEBSITE

Monday, February 11, 2008

Network Operating Systems

Network operating systems (NOS) are typically used to run computers that act as servers. They provide the capabilities required for network operation. Network operating systems are also designed for client computers, where they provide the client-side functions, so the distinction between network operating systems and stand-alone operating systems is not always obvious. Network operating systems provide the following functions:
  • File and print sharing.
  • Account administration for users.
  • Security.

Installed Components

  • Client functionality
  • Server functionality

Functions provided:

  • Account Administration for users
  • Security
  • File and print sharing

Network services

  • File Sharing
  • Print sharing
  • User administration
  • Backing up data

Universal Naming Convention (UNC)

A universal naming convention (UNC) path is used to reach shared resources without mapping a drive to them. The UNC specifies a path name and has the form:

\\servername\sharename\pathname

If I have a Linux server called "linux3" that exports an SMB share (through Samba, for example) named "downloads", and the share contains a file called "readme.txt", the UNC is:

\\linux3\downloads\readme.txt
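As an added example (this is not code from the original post), here is a small Python parser for UNC paths together with the check a server-side application should apply to user-supplied file names. Opening a UNC path makes the opener connect to the named server, so a user-controlled \\server\share name can be used to make an application reach out to a host of the attacker's choosing; the allowlist of permitted servers and the names in it are assumptions for the demonstration.

```python
import re

# Matches \\server\share[\path] and the //server/share[/path] form Windows also accepts.
# The pattern is part of this added example, not something from the original post.
_UNC_RE = re.compile(r'^[\\/]{2}([^\\/]+)[\\/]([^\\/]+)(?:[\\/](.*))?$')


def parse_unc(path):
    """Return (server, share, relative_path) for a UNC path, or None if it is not one.

    The relative path is normalised to backslashes; it is "" for a bare share.
    """
    m = _UNC_RE.match(path)
    if not m:
        return None
    server, share, rest = m.groups()
    return server, share, (rest or "").replace("/", "\\")


def is_acceptable_filename(path, allowed_servers=()):
    """Decide whether a user-supplied file name may be opened.

    Anything starting with two slashes is UNC-like and is accepted only when the
    server is on the allowlist (compared case-insensitively, as SMB names are).
    allowed_servers is an assumption of this example: fill it with the file
    servers the application is meant to use. This check covers only the UNC
    case; absolute local paths and ".." traversal need their own checks.
    """
    if path.startswith(("\\\\", "//")):
        unc = parse_unc(path)
        if unc is None:
            return False                      # malformed: no share part
        return unc[0].lower() in {s.lower() for s in allowed_servers}
    return True
```

Note that \\?\ and similar prefixes parse as a "server" named ? and are rejected by the allowlist like any other unknown host.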

Network Drivers

Driver interfaces allow multiple protocol stacks to use one network interface card. The two in use today are listed below. They are not compatible with each other.

Open Driver Interface (ODI)

ODI, from Novell, allows multiple drivers to be used on one card and lets one protocol use multiple cards. It has three parts:

  • Multiple Protocol Interface - Provides connectivity from the data link layer to the network layer.
  • Link Support Layer - Includes functions for managing protocol stack assignments and coordinating the numbers assigned to MLIDs.
  • Multiple-Link Interface Driver (MLID) - Passes data between the data link layer and the hardware or the network media. The drivers are protocol-independent.

Network Driver Interface Specification (NDIS)

NDIS, from Microsoft, is used on Microsoft networks. It allows multiple protocols to be used on a network card and supports the data link layer of the network model.

Transport Driver Interface (TDI)

This is a Microsoft standard for passing messages between the transport protocols (such as TCP/IP or NetBEUI) and the higher-level components that use them, such as the redirector and Windows Sockets. In other words, NDIS sits below the transport protocol stacks and TDI sits above them, so a transport only has to be written once to work with any card and any client.

Network Services

Networking Services and Ports

There are two general types of network services, connectionless and connection-oriented. A connection-oriented service performs connection establishment, data transfer, and connection termination; a connectionless service simply sends each message on its own.

Ping

The "ping" program sends ICMP echo request messages and listens for the ICMP echo reply messages its intended host sends back. Using the -R option with ping enables the record route feature: ping sets the record route (RR) option in the IP header of the outgoing echo request, and each router along the way appends its address to the option (the option has room for at most nine addresses, and many routers ignore it).

Traceroute

The "traceroute" program uses ICMP error messages and the time to live (TTL) field in the IP header. It works by sending a probe (a UDP datagram on Unix; the Windows tracert uses ICMP echo requests) to the intended host with a TTL value of 1. The first router decrements the TTL to 0, discards the probe and sends an ICMP "time exceeded" message back to the sending host. The traceroute program then sends a probe with a TTL of 2, then 3, and so on. This way it learns the address of each router from the source address of the ICMP packets it receives. To recognize the receiving host itself, the probes are sent to a UDP port that is not likely to be serviced by that host, so the host answers with an ICMP "port unreachable" error instead of "time exceeded", and traceroute knows it is done. Routers that rate-limit or never send ICMP errors show up as "*" hops.
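As an added example (our code, not the post's), the following Python builds an ICMP echo request with a correct checksum, the way ping does, and parses the two ICMP error messages a traceroute depends on, pulling the original destination address and UDP port out of the quoted datagram so that a reply can be matched to the probe that caused it. Sending and receiving raw packets needs root privileges and is left out; the probe and the "time exceeded" message are constructed inline, and the addresses in them are made up for the demonstration.

```python
import struct


def inet_checksum(data):
    """RFC 1071 Internet checksum: ones' complement of the ones'-complement sum
    of the 16-bit words (an odd trailing byte is padded with a zero byte)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident, seq, payload=b"abcdefghijklmnop"):
    """ICMP type 8 (echo request), code 0. ident/seq let ping match the replies."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def icmp_checksum_ok(msg):
    """A message whose checksum is correct checksums to zero with the field included."""
    return inet_checksum(msg) == 0


def parse_icmp_error(msg):
    """Parse a "time exceeded" (type 11) or "port unreachable" (type 3, code 3).

    Both quote the IP header plus the first 8 bytes of the datagram that caused
    them; for a UDP probe those 8 bytes are the UDP header, so the probe's
    destination port is recoverable. Returns (original_dst_ip, original_dst_port,
    destination_reached).
    """
    if len(msg) < 8 + 20 + 8:
        raise ValueError("too short to hold a quoted datagram")
    if not icmp_checksum_ok(msg):
        raise ValueError("bad ICMP checksum")
    typ, code = msg[0], msg[1]
    if typ == 11:
        reached = False
    elif typ == 3 and code == 3:
        reached = True
    else:
        raise ValueError("not a time-exceeded or port-unreachable message")
    inner = msg[8:]                          # quoted original IP header + 8 bytes
    ihl = (inner[0] & 0x0F) * 4
    if len(inner) < ihl + 8:
        raise ValueError("quoted datagram truncated")
    if inner[9] != 17:
        raise ValueError("quoted datagram is not UDP")
    dst_ip = ".".join(str(b) for b in inner[16:20])
    _src_port, dst_port = struct.unpack("!HH", inner[ihl:ihl + 4])
    return dst_ip, dst_port, reached


# --- constructed sample data for this example (not captured traffic) --------

def sample_udp_probe(dst_port, ttl=1):
    """IPv4 header (protocol 17 = UDP) from 192.168.10.1 to 10.0.0.5 plus a UDP
    header: the shape of a traceroute probe. IP header checksum left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, ttl, 17, 0,
                     bytes([192, 168, 10, 1]), bytes([10, 0, 0, 5]))
    udp = struct.pack("!HHHH", 33434, dst_port, 8, 0)
    return ip + udp


def make_icmp_error(typ, code, offending_datagram):
    """What a router (type 11) or the end host (type 3 code 3) sends back: an
    8-byte ICMP header followed by the first 28 bytes of the offending datagram."""
    body = offending_datagram[:28]
    header = struct.pack("!BBHI", typ, code, 0, 0)
    csum = inet_checksum(header + body)
    return struct.pack("!BBHI", typ, code, csum, 0) + body


if __name__ == "__main__":
    req = build_echo_request(0x1234, 1)
    print("echo request checksum ok:", icmp_checksum_ok(req))
    print("hop reply   ->", parse_icmp_error(make_icmp_error(11, 0, sample_udp_probe(33435))))
    print("final reply ->", parse_icmp_error(make_icmp_error(3, 3, sample_udp_probe(33440))))
```

Matching on the quoted port (traceroute increments it for every probe) is what lets the program tell which hop a late or duplicated reply belongs to; a parser that trusts only the ICMP type would mis-attribute them.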
Telnet
Some telnet command codes (each is sent after the IAC "interpret as command" byte, 255) and their meanings:
  • 236 - EOF
  • 237 - SUSP - Suspend the current process
  • 238 - ABORT - Abort process
  • 239 - EOR - End of record
  • 240 - SE - Suboption end
  • 241 - NOP - No operation
  • 242 - DM - Data Mark
  • 243 - BRK - Break
  • 244 - IP - Interrupt process
  • 245 - AO - Abort output
  • 246 - AYT - Are you there
  • 247 - EC - Erase character
  • 248 - EL - Erase Line
  • 249 - GA - Go ahead
  • 250 - SB - Suboption begin
  • 251 - WILL - Sender wants to enable option / Receiver says OK
  • 252 - WONT - Sender wants to disable option / Receiver says not OK
  • 253 - DO - Sender wants receiver to enable option / Receiver says OK
  • 254 - DONT - Sender wants receiver to disable option / Receiver says not OK
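As an added example (not from the original post), here is a Python parser for a telnet byte stream that separates application data from the commands listed above, handling the IAC IAC escape, the three-byte WILL/WONT/DO/DONT negotiations and SB ... SE suboptions, plus the minimal reply a server that wants no options must give. The sample stream is constructed for the demonstration.

```python
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
NEGOTIATION = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}


def parse_telnet(stream):
    """Split a raw telnet byte stream into (data, commands).

    data:     application bytes with the IAC escapes removed (IAC IAC -> 0xFF)
    commands: ("WILL"/"WONT"/"DO"/"DONT", option), ("SB", option, payload) or ("CMD", code)
    Raises ValueError on a truncated or malformed sequence instead of guessing.
    """
    data, commands = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            data.append(b)
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("truncated IAC")
        cmd = stream[i + 1]
        if cmd == IAC:                       # escaped 0xFF data byte
            data.append(0xFF)
            i += 2
        elif cmd in NEGOTIATION:             # IAC <WILL|WONT|DO|DONT> <option>
            if i + 2 >= n:
                raise ValueError("truncated option negotiation")
            commands.append((NEGOTIATION[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:                      # IAC SB <option> <payload...> IAC SE
            if i + 2 >= n:
                raise ValueError("truncated suboption")
            option, payload, j = stream[i + 2], bytearray(), i + 3
            while True:
                if j >= n:
                    raise ValueError("unterminated suboption")
                c = stream[j]
                if c != IAC:
                    payload.append(c)
                    j += 1
                    continue
                if j + 1 >= n:
                    raise ValueError("unterminated suboption")
                if stream[j + 1] == IAC:     # escaped 0xFF inside the payload
                    payload.append(0xFF)
                    j += 2
                elif stream[j + 1] == SE:
                    j += 2
                    break
                else:
                    raise ValueError("unexpected command inside suboption")
            commands.append(("SB", option, bytes(payload)))
            i = j
        else:                                # two-byte command such as AYT (246)
            commands.append(("CMD", cmd))
            i += 2
    return bytes(data), commands


def refuse_all(commands):
    """Minimal RFC 854 behaviour for a server that wants no options at all:
    answer every WILL with DONT and every DO with WONT. WONT/DONT need no reply,
    and suboptions arriving for options we never enabled are simply ignored."""
    out = bytearray()
    for cmd in commands:
        if cmd[0] == "WILL":
            out += bytes([IAC, DONT, cmd[1]])
        elif cmd[0] == "DO":
            out += bytes([IAC, WONT, cmd[1]])
    return bytes(out)


# Constructed sample: "hello ", WILL ECHO (1), DO SUPPRESS-GO-AHEAD (3), a TERMINAL-TYPE (24)
# suboption carrying "\x00xterm", an escaped 0xFF data byte, an AYT (246), then "!".
SAMPLE = (b"hello " + bytes([IAC, WILL, 1, IAC, DO, 3, IAC, SB, 24, 0]) + b"xterm"
          + bytes([IAC, SE, IAC, IAC, IAC, 246]) + b"!")

if __name__ == "__main__":
    data, cmds = parse_telnet(SAMPLE)
    print(data, cmds, refuse_all(cmds).hex())
```

Everything here, including any password typed into the session, crosses the wire in the clear; the parser is useful for reading captures and for understanding option negotiation, not as an argument for running telnet.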

What is Firewall

Firewalls are mainly used as a means to protect an organization's internal network from those on the outside (the internet). A firewall is used to keep outsiders from gaining access to secrets or from doing damage to internal computer systems. Firewalls are also used to limit the access of individuals on the internal network to services on the internet, along with keeping track of what is done through the firewall. Please note the difference between firewalls and routers as described in the second paragraph of the IP Masquerading section.


Types of Firewalls
1. Packet Filtering - Blocks selected network packets.
2. Circuit Level Relay - SOCKS is an example of this type of firewall. This type of proxy is not aware of applications but just cross-links your connection to another outside connection. It can log activity, but not in as much detail as an application proxy. SOCKS version 4 only works with TCP connections and does not provide for user authentication (SOCKS version 5 added UDP relaying and authentication).
3. Application Proxy Gateway - The users connect to the outside using the proxy. The proxy gets the information and returns it to the user. The proxy can record everything that is done. This type of proxy may require a user login to use it. Rules may be set to allow some functions of an application and deny others: the "get" function may be allowed in the FTP application, but the "put" function may not.
Proxy Servers can be used to perform the following functions.
  • Control outbound connections and data.
  • Monitor outbound connections and data.
  • Cache requested data, which saves bandwidth and decreases the time it takes for other users to read the same data.

Application proxy servers can perform the following additional functions:

Provide for user authentication.

Allow and deny application specific functions.

Apply stronger authentication mechanisms to some applications.

Packet Filtering Firewalls

In a packet filtering firewall, packets are forwarded or dropped based on a set of firewall rules. This firewall works at the network level. Packets are filtered by protocol type, source address, destination address, and port information. These rules are similar to the routing rules explained in an earlier section and may be thought of as a set of instructions similar to a case statement or if statement, evaluated in order until one matches. This type of firewall is fast, but it cannot grant access to a particular user, since there is no way to identify the user except by the IP address of the user's computer, which can be shared or spoofed and is therefore an unreliable method. The user does not need to configure any software to use a packet filtering firewall, such as setting a web browser to use a proxy for access to the web. The user may be unaware of the firewall, which means the firewall is transparent to the client.
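As an added example (ours, not the post's), the following Python models a packet filter as an ordered rule table with first-match semantics and a default-deny fallback, the "case statement" described above. A real firewall puts these rules into the kernel (iptables or nftables on Linux); the point of the model is to show the evaluation order and the limitation just mentioned: the filter sees addresses and ports, not users, so a packet carrying a spoofed internal source address is treated exactly like one from a real internal user. The addresses and rules are constructed for the demonstration.

```python
import ipaddress


class Rule:
    """One line of a packet-filter rule set. "any"/None mean "don't care"."""

    def __init__(self, action, proto="any", src="0.0.0.0/0", dst="0.0.0.0/0", dport=None):
        self.action = action                 # "ACCEPT" or "DROP"
        self.proto = proto                   # "tcp", "udp", "icmp" or "any"
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.dport = dport                   # None, a port number, or (low, high)

    def matches(self, pkt):
        if self.proto != "any" and pkt["proto"] != self.proto:
            return False
        if ipaddress.ip_address(pkt["src"]) not in self.src:
            return False
        if ipaddress.ip_address(pkt["dst"]) not in self.dst:
            return False
        if self.dport is not None:
            port = pkt.get("dport")          # ICMP packets carry no port at all
            lo, hi = self.dport if isinstance(self.dport, tuple) else (self.dport, self.dport)
            if port is None or not lo <= port <= hi:
                return False
        return True


def filter_packet(rules, pkt, default="DROP"):
    """First matching rule wins; with no match the default (deny) applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set (documentation address ranges, not a real network): the world
# may reach the web server on 80/443, the LAN may go out for DNS and web, and the
# LAN may do nothing else. Everything unmatched falls through to the default DROP.
WEB = "203.0.113.10/32"
LAN = "192.168.10.0/24"
RULES = [
    Rule("ACCEPT", "tcp", dst=WEB, dport=80),
    Rule("ACCEPT", "tcp", dst=WEB, dport=443),
    Rule("ACCEPT", "udp", src=LAN, dport=53),
    Rule("ACCEPT", "tcp", src=LAN, dport=80),
    Rule("ACCEPT", "tcp", src=LAN, dport=443),
    Rule("DROP", "any", src=LAN),
]
```

This is a stateless filter: it has no notion of an established connection, so allowing the replies to LAN web traffic would require a second set of rules in the opposite direction. Stateful filters (iptables' conntrack) remove that need and are the norm today.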

Circuit Level Relay Firewall

A circuit level relay firewall is also transparent to the client. It listens on a port such as port 80 for HTTP requests and redirects the request to a proxy server running on the machine. Basically, the redirect is set up using ipchains (or the iptables REDIRECT target on later kernels), and the proxy then filters the packets arriving at the port that received the redirect.

Configuring a Proxy Server

The following packages are available for Linux:

  • ipchains, replaced by netfilter/iptables in the 2.4 kernel (packet filtering supported by the Linux kernel). It comes with Linux and is used to modify the kernel's packet filtering rules.
  • SOCKS - Circuit level firewall. Normally doesn't come with Linux, but is free.
  • Squid - A caching web proxy, which is an application level proxy for HTTP and FTP rather than a circuit level one. Normally comes with Linux.
  • Juniper Firewall Toolkit - A firewall toolkit product used to build a firewall. It uses transparent filtering, and is circuit level. It is available as open source.
  • The TIS Firewall Toolkit (FWTK). A toolkit that comes with application level proxies. The applications include Telnet, Rlogin, SMTP mail, FTP, HTTP, and X Windows. It can also perform as a transparent proxy for other services.

User Datagram Protocol (UDP)

User Datagram Protocol (UDP) supports the network at the transport layer. UDP is an unreliable, connectionless protocol defined by RFC 768 (with host requirements in RFC 1122). It is a datagram service: there is no guarantee that the data will reach its destination. UDP is meant to provide service with very little transmission overhead. It adds very little to IP packets except for some error checking and port numbers (remember, IP encapsulates UDP datagrams, not the other way round). The following protocols or services use UDP:
  1. DNS
  2. SNMP
  3. BOOTP
  4. TFTP
  5. NFS
  6. RPC
  7. RIP

UDP Message Format

The UDP header includes:

1. Source port number (16 bits) - Optional; zero when the sender expects no reply

2. Destination port number (16 bits)

3. UDP length (16 bits)

4. UDP checksum (16 bits)

This is followed by data. The UDP checksum covers the UDP data, not just the header as with the IP header checksum. For UDP and TCP checksum calculation a 12 byte pseudo header is included which contains some fields from the IP header. This pseudo header is not transmitted as part of UDP or TCP, but is only used to help compute the checksum, as a means of being sure that the data has arrived at the correct IP address. This is the TCP/UDP pseudo header:

1. Source IP address (32 bits)

2. Destination IP address (32 bits)

3. Zero byte (8 bits)

4. Protocol (8 bits)

5. UDP length (16 bits)
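As an added example (not the post's code), here is the UDP checksum worked through in Python with exactly the pseudo header laid out above. The receiver recomputes the sum with the addresses the datagram actually arrived with, so a datagram delivered to the wrong IP address fails the check even though nothing inside the UDP segment changed; that is the "arrived at the correct IP address" guarantee the text refers to. The addresses, ports and payload are constructed for the demonstration.

```python
import socket
import struct

UDP_PROTO = 17


def ones_complement_sum(data):
    """Sum of 16-bit words with end-around carry (RFC 1071), odd byte zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, udp_length):
    """The 12 bytes borrowed from the IP layer that are covered but never sent:
    source address, destination address, a zero byte, protocol (17), UDP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))


def udp_checksum(src_ip, dst_ip, segment):
    """Checksum over pseudo header + UDP header + data, computed with the
    checksum field zeroed. A result of 0 is transmitted as 0xFFFF, because a
    zero on the wire means "no checksum" in IPv4 UDP."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)) & 0xFFFF
    return csum or 0xFFFF


def build_udp(src_ip, dst_ip, sport, dport, payload):
    """UDP header (source port, destination port, length, checksum) + data."""
    segment = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return segment[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, segment)) + payload


def udp_checksum_ok(src_ip, dst_ip, segment):
    """Receiver-side check, using the addresses the datagram actually arrived with."""
    received = struct.unpack("!H", segment[6:8])[0]
    if received == 0:
        return True                          # sender did not compute one (allowed in IPv4)
    return udp_checksum(src_ip, dst_ip, segment) == received


if __name__ == "__main__":
    seg = build_udp("192.168.10.1", "10.0.0.5", 53, 1024, b"hi")   # constructed sample
    print(seg.hex())
    print("delivered to 10.0.0.5:", udp_checksum_ok("192.168.10.1", "10.0.0.5", seg))
    print("delivered to 10.0.0.6:", udp_checksum_ok("192.168.10.1", "10.0.0.6", seg))
```

The "zero means no checksum" rule is worth remembering when writing detection logic: a UDP datagram with a zero checksum is legal in IPv4 and will not be rejected by the stack, so a receiver cannot rely on the checksum to notice tampering unless it insists on non-zero values (IPv6 does make the UDP checksum mandatory).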

IPX/SPX

IPX/SPX is a routable protocol suite and can be used for small and large networks. The following protocols are part of the IPX/SPX suite:

  • SAP - Service Advertising Protocol packets are used by file and print servers to periodically advertise the address of the server and the services available. It works at the application, presentation, and session levels.
  • NCP - NetWare Core Protocol provides for client/server interactions such as file and print sharing. It works at the application, presentation, and session levels.
  • SPX - Sequenced Packet Exchange operates at the transport layer, providing connection-oriented communication on top of IPX.
  • IPX - Internetwork Packet Exchange supports the transport and network layers of the OSI network model. It provides for network addressing and routing, and offers fast, unreliable communication with network nodes using a connectionless datagram service.
  • RIP - Routing Information Protocol is the default routing protocol for IPX/SPX networks and operates at the network layer. A distance-vector algorithm is used to calculate the best route for a packet.
  • ODI - Open Data-link Interface operates at the data link layer, allowing IPX to work with any network interface card.

NetWare frame types

Novell NetWare 2.x and 3.11 use Ethernet_802.3 ("raw" 802.3, with no LLC header) as their default frame type. NetWare 3.12 and 4.x networks use Ethernet_802.2 as their default frame type. If communication does not occur between two NetWare computers, it is a good idea to check the NetWare versions of the two computers to be sure their frame types match. If the frame types do not match on an ethernet network, the computers cannot communicate, although a server can be configured to bind IPX to more than one frame type on the same card.

Class And Networks

IP addresses are broken into 4 octets (IPv4) separated by dots called dotted decimal notation. An octet isa byte consisting of 8 bits. The IPv4 addresses are in the following form:

192.168.10.1

There are two parts of an IP address:


  • Network ID
  • Host ID

The various classes of networks specify additional or fewer octets to designate the network ID versus thehost ID.


When a network is set up, a netmask is also specified. Originally the netmask was implied by the class of the network, as shown below; with CIDR it is specified explicitly and need not match the class. The netmask has some number of most significant bits set to 1 and the rest set to 0. The part of the address under the 1 bits is the network address, and the part under the 0 bits is the host address. When setting addresses on a network, remember there can be no host address of 0 (no host address bits set) and no host address with all bits set, because those are the network address and the broadcast address respectively.

Class A-E networks

The addressing scheme for class A through E networks is shown below. Note: We use the 'x' character here to denote don't care situations, which includes all possible numbers at the location. It is many times used to denote networks.

  • Class A - 1.x.x.x to 126.x.x.x; first bit 0; default netmask 255.0.0.0 (network.host.host.host). 0.x.x.x is reserved and 127.x.x.x is loopback.
  • Class B - 128.0.x.x to 191.255.x.x; first bits 10; default netmask 255.255.0.0 (network.network.host.host).
  • Class C - 192.0.0.x to 223.255.255.x; first bits 110; default netmask 255.255.255.0 (network.network.network.host).
  • Class D - 224.x.x.x to 239.x.x.x; first bits 1110; multicast addresses with no network/host split.
  • Class E - 240.x.x.x to 255.x.x.x; first bits 1111; reserved for experimental use.
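As an added example (ours, not the post's), the following Python classifies an address from its leading bits, derives the classful network, and applies the "no all-zeros, no all-ones host" rule against whatever netmask is actually configured, which is the CIDR case: the same address can be a perfectly good host under the class B default mask and the broadcast address once the network is subnetted with a /24. The class table is the one above; the functions and sample addresses are this example's own.

```python
import ipaddress

# (lowest first octet, highest first octet, class, default prefix length)
CLASSES = [
    (0, 127, "A", 8),
    (128, 191, "B", 16),
    (192, 223, "C", 24),
    (224, 239, "D", None),                   # multicast: no network/host split
    (240, 255, "E", None),                   # reserved
]


def ip_class(addr):
    """Classify by the first octet, which is what the leading bits encode
    (0 = A, 10 = B, 110 = C, 1110 = D, 1111 = E). Returns (class, default prefix)."""
    first = int(ipaddress.ip_address(addr)) >> 24
    for low, high, cls, prefix in CLASSES:
        if low <= first <= high:
            return cls, prefix
    raise ValueError(addr)


def classful_network(addr):
    """Network the address belongs to under its class's default netmask, or None for D/E."""
    cls, prefix = ip_class(addr)
    if prefix is None:
        return cls, None
    return cls, ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def is_usable_host(addr, netmask):
    """With the netmask actually configured (CIDR: it need not match the class),
    the host part may be neither all zeros (the network address) nor all ones
    (the directed broadcast). /31 point-to-point links (RFC 3021) use both."""
    net = ipaddress.ip_network(f"{addr}/{netmask}", strict=False)
    if net.prefixlen >= 31:
        return True
    ip = ipaddress.ip_address(addr)
    return ip not in (net.network_address, net.broadcast_address)
```

Validation code that assumes the classful mask (for example, treating anything ending in .255 as a broadcast) gets the subnetted and supernetted cases wrong; always carry the real prefix length with the address.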

Sunday, February 10, 2008

Network Gateway

Introduction

Network Topology

A network consists of multiple computers connected using some type of interface, each having one or more interface devices such as a Network Interface Card (NIC) and/or a serial device for PPP networking. Each computer is supported by network software that provides the server or client functionality. The hardware used to transmit data across the network is called the media. It may include copper cable, fiber optic, or wireless transmission. The standard cabling used for the purposes of this document is 10Base-T category 5 ethernet cable. This is twisted-pair copper cabling, terminated on each end by an RJ-45 connector that looks much like a slightly wider phone connector. Its maximum segment length is 100 meters.

Network Categories

There are two main types of network categories which are:

  • Server based

  • Peer-to-peer

In a server based network, there are computers set up to be primary providers of services such as file service or mail service. The computers providing the service are called servers and the computers that request and use the service are called client computers. In a peer-to-peer network, various computers on the network can act both as clients and servers. For instance, many Microsoft Windows based computers will allow file and print sharing. These computers can act both as a client and a server and are also referred to as peers. Many networks are a combination of peer-to-peer and server based networks. The network operating system uses a network data protocol to communicate on the network with other computers. The network operating system supports the applications on that computer. Network Operating Systems (NOS) include Windows NT, Novell NetWare, Linux, Unix and others.


Three Network Topologies

The network topology describes the method used to do the physical wiring of the network.


The main ones are bus, star, and ring.


Network Hardware Connections


Ethernet uses a star topology for the physical wiring layout. A diagram of a typical ethernet network layout is shown below.



On a network, a hub is basically a repeater which is used to re-time and amplify the network signals. In this diagram, please examine the hubs closely. On the left are 4 ports close to each other with an x above or below them. This means that these ports are crossover ports. This crossover is similar to the arrangement that was used for serial cables between two computers. Each serial port has a transmitter and receiver. Unless there was a null modem connection between two serial ports, or the cable was wired to cross transmit to receive and vice versa, the connection would not work. This is because the transmit port would be sending to the transmit port on the other side.

Therefore note that you cannot connect two computers together with a straight network jumper cable between their network cards. You must use a special crossover cable, which you can buy at most computer stores and some office supply stores for around 10 dollars; otherwise, you must use a hub as shown here. (Network cards and switches that support Auto MDI-X, which includes almost all gigabit equipment, detect the situation and swap the pairs themselves, so a straight cable usually works between them.)

The hub on the upper left is full, but it has an uplink port on the right which lets it connect to another hub. The uplink does not have a crossover connection and is designed to fit into a crossover connection on the next hub. This way you can keep linking hubs to put computers on a network. Because each hub introduces some delay onto the network signals, there is a limit to the number of hubs you can sequentially link. Also the computers that are connected to the two hubs are on the same network and can talk to each other. All network traffic including all broadcasts is passed through the hubs.

In the diagram, machine G has two network cards, eth0 and eth1. The cards eth1 and eth0 are on two different networks or subnetworks. Unless machine G is programmed as a router or bridge, traffic will not pass between the two networks. This means that machines X and Z cannot talk to machines A through F and vice versa. Machine X can talk to Z and G, and machines A through F can talk to each other and they can talk to machine G. All machines can talk to machine G. Therefore the machines are dependent on machine G to talk between the two networks or subnets.

Each network card, called a network interface card (NIC), has a built in hardware address programmed by its manufacturer. This is a 48 bit address and should be unique for each card. This address is called a media access control (MAC) address. The media, in our specific case, will be the ethernet. Therefore when you refer to ethernet, you are referring to the type of network card, the cabling, the hubs, and the data packets being sent. You are talking about the hardware that makes it work, along with the data that is physically sent on the wires.

There are three types of networks that are commonly heard about. They are ethernet, token-ring, and ARCnet. Each one is described briefly here, although this document is mainly about ethernet.

IEEE 802 Standard

The Data Link Layer and IEEE

When we talk about Local Area Network (LAN) technology the IEEE 802 standard may be heard. This standard defines networking connections for the interface card and the physical connections, describing how they are done. The 802 standards were published by the Institute of Electrical and Electronics Engineers (IEEE). The 802.3 standard is called ethernet, but its frame format differs slightly from the original DIX "Ethernet II" frame, which is still the one most commonly used to carry IP today. There is a great deal of confusion caused by this. There are several types of common ethernet frames. Many network cards support more than one type.

The ethernet standard data encapsulation method is defined by RFC 894. RFC 1042 defines the IP to link layer data encapsulation for networks using the IEEE 802 standards. The 802 standards define the two lowest levels of the seven layer network model and primarily deal with the control of access to the network media. The network media is the physical means of carrying the data such as network cable. The control of access to the media is called media access control (MAC). The 802 standards are listed below:

  • 802.1 - Internetworking
  • 802.2 - Logical Link Control *
  • 802.3 - Ethernet or CSMA/CD, Carrier-Sense Multiple Access with Collision Detection LAN *
  • 802.4 - Token-Bus LAN *
  • 802.5 - Token Ring LAN *
  • 802.6 - Metropolitan Area Network (MAN)
  • 802.7 - Broadband Technical Advisory Group
  • 802.8 - Fiber-Optic Technical Advisory Group
  • 802.9 - Integrated Voice/Data Networks
  • 802.10 - Network Security
  • 802.11 - Wireless Networks
  • 802.12 - Demand Priority Access LAN, 100BaseVG-AnyLAN

*The Ones with stars should be remembered in order for network certification testing.

Network Devices

Repeaters, Bridges, Routers, and Gateways

Network Repeater

A repeater connects two segments of your network cable. It retimes and regenerates the signals to proper amplitudes and sends them to the other segments. When talking about ethernet topology, you are probably talking about using a hub as a repeater. Repeaters require a small amount of time to regenerate the signal. This causes a propagation delay which can affect network communication when there are several repeaters in a row. Many network architectures limit the number of repeaters that can be used in a row. Repeaters work only at the physical layer of the OSI network model.

Bridge

A bridge reads the outermost section of data on the data packet to tell where the message is going. It reduces the traffic on other network segments, since it does not send all packets. Bridges can be programmed to reject packets from particular networks. Bridging occurs at the data link layer of the OSI model, which means the bridge cannot read IP addresses, but only the outermost hardware address of the packet. In our case the bridge can read the ethernet data which gives the hardware address of the destination, not the IP address. Bridges forward all broadcast messages. Only a special bridge called a translation bridge will allow two networks of different architectures to be connected. Bridges do not normally allow connection of networks with different architectures. The hardware address is also called the MAC (media access control) address. To determine the network segment a MAC address belongs to, bridges use one of:

  • Transparent Bridging - They build a table of addresses (bridging table) as they receive packets. If the address is not in the bridging table, the packet is forwarded to all segments other than the one it came from. This type of bridge is used on ethernet networks.
  • Source route bridging - The source computer provides path information inside the packet. This is used on Token Ring networks.
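As an added example (not the post's code), here is a transparent (learning) bridge in Python that does exactly what the first bullet describes: it fills its bridging table from the source address of each frame, forwards a known destination out of one port only, and floods unknown unicast, broadcast and multicast frames out of every other port. The port names and MAC addresses are made up for the demonstration. The bridge also bounds the size of its table, because the learning step trusts whatever source address a station puts in its frames.

```python
class LearningBridge:
    """Transparent (learning) bridge working purely on MAC addresses.

    Learns from the source address of every frame which port leads to which
    station, forwards a known destination out of that port only, and floods
    unknown unicast, broadcast and multicast frames out of every port except
    the one the frame arrived on.
    """
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports, max_entries=1024):
        self.ports = list(ports)
        self.table = {}                      # MAC -> port
        self.max_entries = max_entries       # bound the table: see receive()

    def receive(self, in_port, src, dst):
        """Handle one frame; return the list of ports it is forwarded to."""
        if in_port not in self.ports:
            raise ValueError("unknown port %r" % in_port)
        # Learning trusts the frame's source field. A station that forges
        # sources can repoint an entry, and one that sends thousands of random
        # sources can fill the table (MAC flooding, which turns a switch back
        # into a hub). Once full we stop learning rather than evicting, so the
        # entries learned earlier survive.
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = in_port
        group = int(dst.split(":")[0], 16) & 1   # I/G bit set: multicast or broadcast
        if group or dst == self.BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        out = self.table[dst]
        return [] if out == in_port else [out]   # same segment: filter, don't forward
```

Real switches age entries out after a few minutes and offer port security (a per-port cap on learned addresses) for the flooding case; the fixed cap here stands in for that.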

Network Router

A router is used to route data packets between two networks. It reads the information in each packet to tell where it is going. If it is destined for an immediate network it has access to, it will strip the outer packet, readdress the packet to the proper ethernet address, and transmit it on that network. If it is destined for another network and must be sent to another router, it will re-package the outer packet to be received by the next router and send it to the next router. The section on routing explains the theory behind this and how routing tables are used to help determine packet destinations. Routing occurs at the network layer of the OSI model. Routers can connect networks with different architectures such as Token Ring and Ethernet. Although they can transform information at the data link level, routers cannot transform information from one data format such as TCP/IP to another such as IPX/SPX. Routers do not forward broadcast packets or corrupted packets. If the routing table has no entry that matches a packet's destination (and no default route), the packet is discarded.
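As an added example (ours, not the post's), the routing decision just described as a longest-prefix-match table in Python. A directly attached network is re-addressed to the destination's own hardware address; a remote network is handed to the next-hop router; a destination with no matching entry and no default route is discarded. The table is modelled on machine G from the topology section above, but G's subnets and the address of the upstream router are assumptions made for the demonstration.

```python
import ipaddress


class RoutingTable:
    """Longest-prefix-match routing table: each entry says which interface a
    destination network is reached on and, for remote networks, which next-hop
    router to hand the packet to."""

    def __init__(self):
        self.routes = []                     # (network, next_hop or None, interface)

    def add(self, network, interface, next_hop=None):
        self.routes.append((ipaddress.ip_network(network), next_hop, interface))

    def lookup(self, dst):
        """Return (next_hop, interface) for dst, or None when no route matches
        (the packet is discarded). next_hop None means dst is directly attached,
        so the packet is re-addressed to dst's own hardware address instead."""
        ip = ipaddress.ip_address(dst)
        best = None
        for net, next_hop, iface in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, iface)
        return None if best is None else (best[1], best[2])


# Constructed table for a router with two interfaces, after the post's machine G
# (its subnets and the upstream router address are assumptions of this example).
G = RoutingTable()
G.add("192.168.10.0/24", "eth0")                          # directly attached
G.add("192.168.20.0/24", "eth1")                          # directly attached
G.add("10.0.0.0/8", "eth1", next_hop="192.168.20.254")    # behind another router
```

Adding a default route (0.0.0.0/0) turns the "discard" case into "send it upstream"; because the default has the shortest possible prefix, every more specific entry still wins over it.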

Brouter

There is a device called a brouter which functions like a bridge for network transport protocols that are not routable, and functions as a router for routable protocols. It works at the network and data link layers of the OSI network model.

Gateway

A gateway can translate information between different network data formats or network architectures. It can translate TCP/IP to AppleTalk so computers supporting TCP/IP can communicate with Apple brand computers. Most gateways operate at the application layer, but they can operate at the network or session layer of the OSI model. A gateway starts at the lower level and strips information until it gets to the required level, then repackages the information and works its way back toward the hardware layer of the OSI model. To confuse issues, when talking about a router that is used to interface to another network, the word gateway is often used. This does not mean the routing machine is a gateway as defined here, although it could be.