
Document: Managing TCP/IP Networks P1 ppt


DOCUMENT INFORMATION

Basic information

Title: Managing TCP/IP Networks: Techniques, Tools and Security Considerations
Author: Gilbert Held
Institution: John Wiley & Sons, Ltd
Subject: Computer Networks
Type: book
Year of publication: 2000
City: Chichester
Format
Pages: 30
File size: 267.5 KB


MANAGING TCP/IP NETWORKS

Managing TCP/IP Networks: Techniques, Tools and Security Considerations. Gilbert Held. Copyright © 2000 John Wiley & Sons Ltd. Print ISBN 0-471-80003-1; Online ISBN 0-470-84156-7


MANAGING TCP/IP NETWORKS:

TECHNIQUES, TOOLS, AND SECURITY CONSIDERATIONS

Gilbert Held

4 Degree Consulting, Macon, Georgia, USA

JOHN WILEY & SONS, LTD

Chichester · New York · Weinheim · Brisbane · Singapore · Toronto


Copyright © 2000 by John Wiley & Sons Ltd

Baffins Lane, Chichester, West Sussex, PO19 1UD, England
National 01243 779777
International (+44) 1234 779777
e-mail (for orders and customer service enquiries): cs-books@wiley.co.uk

Visit our Home Page on http://www.wiley.co.uk or http://www.wiley.com

All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency, 90 Tottenham Court Road, London, UK W1P 9HE, UK, without the permission in writing of the Publisher, with the exception of any material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the publication.

Neither the authors nor John Wiley & Sons Ltd accept any responsibility or liability for loss or damage occasioned to any person or property through using the material, instructions, methods or ideas contained herein, or acting or refraining from acting as a result of such use. The authors and Publisher expressly disclaim all implied warranties, including merchantability of fitness for any particular purpose. There will be no duty on the authors or Publisher to correct any errors or defects in the software.

Designations used by companies to distinguish their products are often claimed as trademarks. In all instances where John Wiley & Sons is aware of a claim, the product names appear in initial capital or capital letters. Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration.

Other Wiley Editorial Offices

John Wiley & Sons, Inc., 605 Third Avenue, New York, NY 10158-0012, USA

WILEY-VCH Verlag GmbH, Pappelallee 3, D-69469 Weinheim, Germany

Jacaranda Wiley Ltd, 33 Park Road, Milton, Queensland 4064, Australia

John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809

John Wiley & Sons (Canada) Ltd, 22 Worcester Road, Rexdale, Ontario, M9W 1L1, Canada

Library of Congress Cataloging-in-Publication Data

Held, Gilbert, 1943-
Managing TCP/IP networks: techniques, tools and security considerations / Gilbert Held.
p. cm.
ISBN 0-471-80003-1 (alk. paper)
1. TCP/IP (Computer network protocol) 2. Computer networks--Management I. Title.

British Library Cataloguing in Publication Data

A catalogue record for this book is available from the British Library

ISBN 0 471 80003 1

Typeset in 10/12pt Bookman-Light by Dobbie Typesetting Limited

Printed and bound in Great Britain by Bookcraft (Bath) Ltd

This book is printed on acid-free paper responsibly manufactured from sustainable forestry, in which at least two trees are planted for each one used for paper production.


CONTENTS

Acknowledgments

1 Introduction
  1.1 Rationale for network management
    1.1.1 Cost of service interruptions
    1.1.2 Size and complexity of networks
    1.1.3 Performance monitoring
    1.1.4 Coping with equipment sophistication
  1.2 The network management process
    1.2.1 The OSI framework for network management
      Configuration/change management
      Fault/problem management
      Performance/growth management
      Security/access management
      Accounting/cost management
    1.2.2 Other network management functions
      Asset management
      Planning/support management
  1.3 Tools and systems
    1.3.1 Monitoring tools
    1.3.2 Diagnostic tools
    1.3.3 Computer-based management systems
  1.4 Book preview
    1.4.1 The TCP/IP protocol suite
    1.4.2 The Internet Protocol
    1.4.3 The transport protocols
    1.4.4 DNS operations
    1.4.5 Layer 2 management
    1.4.6 Layer 3 and layer 4 management
    1.4.7 SNMP and RMON
    1.4.8 Management by utility program
    1.4.9 Security management


2 The TCP/IP Protocol Suite
  2.1 Evolution
  2.2 Governing bodies
    2.2.1 The IAB
    2.2.2 The IANA
    2.2.3 The IETF
    2.2.4 RFCs
  2.3 The ISO Reference Model
    2.3.1 Layers of the OSI Reference Model
      Layer 1: The physical layer
      Layer 2: The data link layer
      Layer 3: The network layer
      Layer 4: The transport layer
      Layer 5: The session layer
      Layer 6: The presentation layer
      Layer 7: The application layer
    2.3.2 Data flow
    2.3.3 Layer subdivision
      Addressing
      Universally vs locally administered addresses
  2.4 The TCP/IP protocol suite
    2.4.1 Comparison with the ISO Reference Model
      The network layer

3 The Internet Protocol
  3.1 The IPv4 header
    3.1.1 Vers field
    3.1.2 Hlen and Total Length fields
    3.1.3 Type of Service field
    3.1.4 Identification field
    3.1.5 Flags field
    3.1.6 Fragment Offset field
    3.1.7 Time-to-Live field
    3.1.8 Protocol field
    3.1.9 Checksum field
    3.1.10 Source and Destination Address fields
    3.1.11 Options and Padding fields
  3.2 IP addressing
    3.2.1 Overview
    3.2.2 IPv4


      The basic addressing scheme
      Address classes
      Address formats
      Address composition and notation
      Special IP addresses
      Class A
      Class B
      Class C
      Class D
      Class E
      Reserved addresses
      Subnetting and the subnet mask
      Host addresses on subnets
      The subnet mask
      Configuration examples
      Classless networking
  3.3 The IPv6 header
    3.3.1 Ver field
    3.3.2 Priority field
    3.3.3 Flow Label field
    3.3.4 Payload Length field
    3.3.5 Next Header field
    3.3.6 Hop Limit field
    3.3.7 Source and Destination Address fields
    3.3.8 Address types
    3.3.9 Address notation
    3.3.10 Address allocation
      Provider-Based Unicast addresses
      Multicast address
    3.3.11 Transporting IPv4 addresses
  3.4 ICMP and ARP
    3.4.1 ICMP
      Type field
      Code field
      Type field
      Code field
    3.4.2 ARP
      Need for address resolution
      Operation
      Hardware Type field
      Protocol Type field
      Hardware Length field
      Protocol Length field
      Operation field
      Sender Hardware Address field
      Sender IP Address field


      Target Hardware Address field
      Target IP Address field
      ARP notes

4 The Transport Layer
    4.1.1 The TCP header
      Source and Destination Port fields
      Port numbers
      Well-known ports
      Registered port numbers
      Dynamic port numbers
      Sequence Number field
      Acknowledgment Number field
      Hlen field
      Reserved field
      Code Bit fields
      URG bit
      ACK bit
      PSH bit
      RST bit
      SYN bit
      FIN bit
      Window field
      Checksum field
      Urgent Pointer field
      Options field
      Padding field
    4.1.2 Operation
      Connection types
      The three-way handshake
      Segment size support
      The Window field and flow control
      Delayed ACK
      FIN-WAIT-2 timer
      Persist
      Keep Alive
      Slow start and congestion avoidance
    4.2.1 The UDP header
      Source and Destination Port fields
      Length field
      Checksum field
    4.2.2 Operation

5 The Domain Name System
  5.1 Evolution


    5.1.1 The HOSTS.TXT file
  5.2 DNS overview
    5.2.1 The domain structure
    5.2.2 DNS components
      Resource records
      Name servers
      Resolvers
      The resolution process
  5.3 The DNS database
    5.3.1 Overview
    5.3.2 Resource records
    5.3.3 Using a sample network
    5.3.4 DNS software configuration
      The BOOT file
    5.3.5 Using resource records
      SOA record
      NS records
      MX records
      A records
      CNAME records
      PTR records
      Loopback files
      All-zero/all-ones files
      For further resolution
    5.3.6 Accessing a DNS database
      nslookup
      The Whois command

6 Layer 2 Management
  6.1 Ethernet frame operations
    6.1.1 Ethernet frame composition
      Preamble field
      Start-of-Frame Delimiter field
      Destination Address field
      I/G subfield
      U/L subfield
      Universal versus locally administered addressing
      Source Address field
      Type field
      Length field
      Data field
      Frame Check Sequence field
  6.2 Ethernet media access control
    6.2.1 Functions
    6.2.2 Transmit media access management
    6.2.3 Collision detection
      Jam pattern
      Wait time


      Late collisions
  6.3 Ethernet Logical Link Control
    6.3.1 The LLC protocol data unit
    6.3.2 Types and classes of service
      Type 1
      Type 2
      Type 3
      Classes of service
  6.4 Other Ethernet frame types
    6.4.1 Ethernet_SNAP frame
    6.4.2 NetWare Ethernet_802.3 frame
    6.4.3 Receiver frame determination
  6.5 Fast Ethernet
    6.5.1 Start-of-Stream Delimiter
    6.5.2 End-of-Stream Delimiter
  6.6 Gigabit Ethernet
    6.6.1 Carrier extension
    6.6.2 Packet bursting
  6.7 Token-Ring frame operations
    6.7.1 Transmission formats
      Starting/ending delimiters
      Differential Manchester encoding
      Non-data symbols
      Access control field
      The monitor bit
      The active monitor
      Frame Control field
      Destination Address field
      Universally administered address
      Locally administered address
      Functional address indicator
      Address values
      Source Address field
      Routing Information field
      Information field
      Frame Check Sequence field
      Frame Status field
  6.8 Token-Ring Medium Access Control
    6.8.1 Vectors and subvectors
    6.8.2 MAC control
      Purge frame
      Beacon frame
      Duplicate Address Test frame
    6.8.3 Station insertion
  6.9 Token-Ring Logical Link Control
    6.9.1 Service Access Points


    6.9.2 Types and classes of service
  6.10 Summary

7 Layer 3 and Layer 4 Management
  7.1 Using WebXRay
    7.1.1 Overview
    7.1.2 Operation
      Autodiscovery
      Service selection
      Topology discovery
      Hosts information
      Services information
      Traffic measuring
      Server Host Table
      Server-Client Matrix Table
      IP Host Table
      IP Matrix Table
      Protocol distribution
      Filtering and packet decoding
  7.2 Using EtherPeek
    7.2.1 Operation
      Packet capture
      Filtering
      Selective packet capture
      Packet decoding
    7.2.2 Network statistics

8 SNMP and RMON
  8.1 SNMP and RMON overview
    8.1.1 Basic architecture
      Manager
      Agents
      Management Information Base
    8.1.2 RMON
      Probes and agents
      Operation
      Evolution
  8.2 The SNMP protocol
    8.2.1 Basic SNMP commands
      GetRequest
      GetNextRequest
      SetRequest
      GetResponse
    8.2.2 SNMP version 2
      New features
      GetBulkRequest


      InformRequest
    8.2.3 SNMPv3
      Architecture
      SNMP engine modules
      Application modules
      Operation
  8.3 Understanding the MIB
    8.3.1 The object identifier
    8.3.2 Structure and identification of management information
    8.3.3 Network management subtrees
      The mgmt subtree
      The experimental subtree
      The private subtree
      Program utilization example
    8.3.4 MIB II objects
      The System Group
      The Interfaces Group
      The Address Translation Group
      The Internet Protocol Group
      The Internet Control Message Protocol Group
      The Transmission Group
      The Transmission Control Protocol Group
      The User Datagram Protocol Group
      The Exterior Gateway Protocol Group
      The SNMP Group
      Authentication traps
      Incoming traffic counts
      Outgoing traffic counts

9 Management by Utility Program
  9.1 Network utility programs
    9.1.1 Ping
      Overview
      Operation
      Utilization
      Operational example
    9.1.2 Traceroute
      Overview
      Operation
      Utilization
      Operational example
    9.1.3 Nbtstat
      Operation
    9.1.4 Netstat
      Operation
  9.2 Monitoring server performance
    9.2.1 Using Windows NT/2000 Performance Monitor
      Overview


      Utilization
      Observing processor performance
    9.2.2 Working with alerts

10 Security
  10.1 Router security
    10.1.1 Need for access security
    10.1.2 Router access
    10.1.3 Telnet access
    10.1.4 TFTP access
    10.1.5 Securing console and virtual terminals
    10.1.6 File transfer
    10.1.7 Internal router security
    10.1.8 Additional protective measures
  10.2 Router access-lists
    10.2.1 Overview
    10.2.2 TCP/IP protocol suite review
    10.2.3 Using access-lists
      Configuration principles
      Standard access-lists
      Extended access-lists
      Limitations
  10.3 Using firewall proxy services
    10.3.1 Access-list limitations
    10.3.2 Proxy services
    10.3.3 ICMP proxy services
    10.3.4 Limitations
    10.3.5 Operational example
      Using classes
      Alert generation
      Packet filtering
      The gap to consider
  10.4 Network address translation
    10.4.1 Types of address translations
      Static NAT
      Pooled NAT
      Port Address Translation

Appendix A The SNMP Management Information Base (MIB-II)
Appendix B Demonstration Software


Because the management of TCP/IP networks requires detailed knowledge of the protocol suite, the first few chapters in this book are focused on this topic. Once this has been accomplished, we will proceed up the layers of the protocol stack by examining tools and techniques that can be used at each layer. In doing so, we will investigate the use of several diagnostic tools to discover the cause of network problems, recognize potential problems prior to their occurrence, and note corrective actions that can be taken to alleviate actual and potential problems.

Although this book is not titled 'SNMP and RMON,' any coverage of the TCP/IP protocol suite needs to recognize the importance of those management tools and appropriately cover these areas of communications technology. With the focus of this book on managing TCP/IP networks, coverage of SNMP and RMON is an integral part. Another key area of TCP/IP network management is network security, which is also covered in this book. Recognizing that the size of TCP/IP networks can range in scope from a few hub-based LANs interconnected via a wide area network transmission facility to large mesh structured private networks and the mother of all networks, the Internet, this book is focused upon concepts that can be applied to all TCP/IP-based networks, regardless of their size.

As a professional author I highly value reader feedback. Your comments concerning topics presented in this book such as areas you believe require additional elaboration or other comments are welcome. You can write to me through my publisher, whose address is on the cover of this book, or you can contact me directly via email at gil_held@yahoo.com.

Gilbert Held
Macon, GA


The preparation of a book is a team effort, even though only the author's name is displayed. Thus, I would be remiss if I did not acknowledge the efforts of other people who had a significant impact upon the evolution of this book from an author's concept into the book you are reading.

Once again I would like to thank Ann-Marie Halligan, my editor at John Wiley & Sons, for backing another of my writing projects. I would also like to thank Sarah Lock and the members of the Wiley production department for the fine job they accomplished in producing this book.

As an old-fashioned author who frequently travels to locations where his electrical adapters never seem to work, many years ago I decided pen and paper provided a higher level of reliability than a four-hour lap top battery on a two-week trip. Working by hand in drafting a manuscript results in the need for an alert typist who can translate my writing and drawings into a professional manuscript. Thus, I am most fortunate to again be able to count on Mrs Linda Hayes to convert my longhand manuscript into an acceptable text.

Last but not least, writing a book is a time-consuming effort that requires many nights and long weekends of effort. I am most appreciative to my wife Beverly for her understanding as I literally locked myself in my office and network laboratory for long periods of time as I experimented with different networking tools and techniques while working on this book.


INTRODUCTION

In less than thirty years the TCP/IP protocol suite has evolved from a Department of Defense research initiative into a ubiquitous transmission capability that is used by academia, government agencies, businesses, and home computer users. Networks constructed using the TCP/IP protocol suite range in scope from a small hub-based local area network in a home office to the giant network of interconnected networks known as the Internet. As the use of the TCP/IP protocol suite proliferated, so did its support of a range of new applications that only a few years ago were considered by many persons to represent science fiction. Today real time audio and video, as well as digitized voice and fax, can be transmitted over the Internet and private intranets. While the growth in the use of the TCP/IP protocol stack and its role as a mechanism to transport different types of data has been quite impressive, it has not been problem-free. In actuality, it has introduced a new set of problems that network managers and administrators must consider as they manage their networks. Thus, the need for network management has increased in tandem with the growth in the use of the TCP/IP protocol suite, as has its expanded role in transporting different types of data.

In this introductory chapter we will focus our attention upon the process of network management and how it relates to the TCP/IP protocol suite. Although no definition can be expected to be all-encompassing, we will commence our investigation of network management with one. This definition will form a base for describing the different and varied facets of network management, which can include techniques, tools, and systems. However, prior to actually examining what network management encompasses, let us first examine the rationale for this activity. Doing so will provide us with additional insight into the various components that constitute this functional area.

1.1 RATIONALE FOR NETWORK MANAGEMENT

As mentioned above, we are in the midst of an explosive growth in the use of the TCP/IP protocol suite with respect to both the quantity of data transmitted and applications transmitting data. Today many vendors depend greatly upon their online Web sites for sales that can easily exceed several


Date posted: 23/12/2013, 17:15
