Drew Wutka
dbatech at wolfwares.com
Tue Aug 19 19:52:57 CDT 2003
Steve, you asked, so I'm gonna learn ya! Okay, first of all, to begin this course, we need to understand the ways of the Internet (or GoreNet as you put it.) Way back in the old days, you had modems that talked to each other. When they talked, the main protocol in use was the speed protocol, so the modems knew how fast to listen. However, the internet needed to be a LOT smarter then your typical BBS, and a LOT dumber at the same time. The primary concern of the Internet is to get the information from point A, to point B, with as little hassle as possible. Back in the BBS days, the issue was more about line noise, then routing, because most BBSers were directly calling their BBS, so the BBS knew exactly where to send the information. Thus, TCP/IP was put into effect. TCP/IP is the Internet Protocol layer. (Transfer Control Protocol/Internet Protocol). There's a lot of internal protocols involved, but there are two key processes you must understand. First, Information/Data is split up into packets. A packet is just like a package you send through the post office. It has a TO and FROM, and has something in it. However, when talking about internet communications (or TCP/IP network communications on a LAN), instead of a data file being one package, it is split up into a bunch of smaller packets. Each packet is received (or asked to be resent), and then reassembled on the other side. This makes for much smoother communication since if a packet gets lost in the shuffle, it is simply resent, instead of scratching the whole process. The next concept is the IP Address. The IP Address is a 4 byte number (32 bits), which is the Unique ID each computer has when using the internet. The IP Address is you phone number on the internet. An example would be 192.168.0.1 . The far left number is like the area code, and the far right number is the more specific. (ie, when a computer reads the IP Address, it looks at the 192 number, and then narrows it further with 168, then 0, then 1.). Now, the dumb part of the internet, is that it does really care what it's sending. It only looks at where the information is supposed to go. Okay, I am going to go through how a computer would pull up a website, step by step, and I'll explain, along the way, on what processes are involved. Okay, let's start with your computer turned off. To begin with, you will probably notice (if you look), that as long as the power is plugged into your computer, that your NIC lights are on (Network card). This is because a NIC's communicate on a very basic level (just like Modems did, where you might transfer a file with the XModem protocol, but the modems themselves are talking with 56k Flex). In todays world, NICs usually use the Ethernet protocol. (One older protocol was called Token Ring). The Ethernet protocol has it's own identification system, which uses your NIC's MAC Address. When you connect your NIC to a hub/switch/router, or even another NIC, they actually talk to each other using the MAC addresses. So let's say, for this example, that you have your machine plugged into an 8 port switch. While your machine is off (but there is still power), the 8 port switch has internally noted that port X (where you are plugged into), is MAC Address xyz (MAC addresses are pretty long....just using xyz for an example). Now, let's turn on your machine. While windows boots, and it creates it's network connections, it needs to assign the NIC an IP Address. There are two ways to do this. The first is to manually set the IP Address. (Thus the information would be stored in the registry.). The second and more common approach is to use DHCP. Dynamic Host Configuration Protocol. The way DHCP works, is when the NIC needs an IP Address, it sends out a broadcast message asking for an IP Address. When it does this, it sends the message out it's Cat-5 cable, the 8 port switch gets the packet(s) and says, oh, this is a broadcast message, and it sends it out on every other port. This flies all over the LAN. (Packets are encoded with a TTL setting, (Time To Live) which tell switches and routers if it should keep sending it, or let it die....that prevents lost packets from bouncing around forever). Now don't panic, broadcast packets (like DHCP requests) do not pass through routers. Need a quick router explaination. A switch and a hub are just like a manifold in a fluid system. Fluid can come and go from and to many directions. A router is like a dual manifold, where you have two separate fluid systems that need to cross connect once in a while, but still maintain their separateness. A router will usually have several 'switch like ports', where you can plug several computers of the same LAN into, then one or more ports that go out to another network. These individual networks are called subnets. (Will explain a little more later.) So, a DHCP or another broadcast message will only go out across that machines 'subnet'....any routers on the subnet will only pass the packets along the inside ports. If there is a machine on the subnet that is listening for DHCP packets, it will respond, by returning data back to the requestor, which will include whatever settings the DHCP server has been setup with. There are TONS of settings, but here's the gist. First it will hand out an IP address (to the requesting computer), it gets this from it's list of available IP Addresses. You can have 'reserved' IP Addresses which are handed out based upon the machines MAC Address. (This allows the stability of a static IP Address with the flexibility of having a DHCP server), it also hands out DNS settings, Gateway and subnet settings (these will all be discussed), and it can go even further to hand out mail server settings, domain controller settings, etc. Now we have an IP Address. To make an IP Address work with TCP/IP, you need two other settings, which I already mentioned. Gateway, and Subnet. These are EXTREMELY important. Subnet, this is a term previously mentioned. The best way to describe a subnet, is to look at a city's zoning diagram. That's what a subnet is. It's a computer 'zone'. Here's how the subnet works. It looks like an IP address, but it is really a bit mask. If there is a 1, then the bits have to match, if there is a 0, then the bits don't have to match. For example, if your IP Address is 192.168.0.1, and your subnet is 255.255.255.0, then the computers on your subnet are 192.168.0.0 through 192.168.0.255. That is because 255 is a byte with all of the bits turned on, so the first three quads have to be an exact match. A 0 is a byte with all 0's, so the last number can be anything. However, if you have an IP Address of 192.168.0.1 and your subnet is 255.255.255.254, then only 192.168.0.0 and 192.168.0.1 are in your subnet. Same IP with a subnet of 255.255.255.252 allows for .0,.1,.2,.3 for the last quad. So, what gives with the subnet, so it's a grouping, how does it affect my network. TCP/IP is setup for two levels of communication, and this is where most 'tutorials' either get way to technical, or they completely gloss over this. You have local subnet communication, and then you have router communication. A subnet is built with switches and hubs. Hubs usually aren't smart. They get a packet, and send it to every port it has active. A switch actually directs 'traffic' a little better. It will build a NAT table (Network Address Translation). What a NAT table stores is information on where to direct specific IP Addresses. If the address is on the switch, it sends it right to that port, if it's not on that switch, it will send it to other switches, and will actually learn what address are on other switches, so in the future it can send it to the right switch. This is why initial communication on a switch may be a little sluggish, but once everything has been connected for a while, communication is very swift. A router is like a JOIN between to sets of NAT tables. This is where your Gateway setting comes into play. The Gateway is the Router on your subnet, that you want to use when you want to go somewhere that's not on your subnet. So, let's say you have an IP of 192.168.0.2, your gateway is 192.168.0.1, and your subnet is 255.255.255.252. You want to get to 192.168.0.3. The gateway is not bothered at all, because you know that 192.168.0.3 is on your subnet, and it's up to your switches and hubs to find the right machine. If you want to go to 192.168.0.100, then the packet is immediately sent to the gateway (192.168.0.1), since you know that 192.168.0.100 is not on your subnet. The packet the gateway(router) gets, says it's from 192.168.0.2, and is going to 192.168.0.100. The gateway/router then looks at it's NAT tables. (A router sits between two subnets, but it can have multiple routers on either end, to pass packets on even further) If the gateway/router sees 192.168.0.100 on it's other subnet, it passes the data to it, if not, it passes it to the other routers on that subnet. And the process continues. Okay, hope I haven't lost anyone yet. We are now running our OS, but before we go on, just a quick note. For all the above to happen, you have to have TCP/IP bound to a NIC. TCP/IP is one of many network protocols. There are other network protocols such as IPX/SPX and NETBEUI. These protocols can be used on a LAN, but only TCP/IP will work on the Internet. When you look at your network settings (through the control panel, you should see what protocols are bound to what. If you use a modem (dialup), you'll see the Dial-up Adapter. The Dial-up adapter acts like a virtual NIC, so that when you dial-up to the interent, DUN (Dialup networking) pretends it's a NIC, so that your OS, and all of your software don't have to worry about talking to a modem, they just 'think' the modem is a NIC. Anyways, make sure that each NIC/adapter has the TCP/IP protocol bound to it. Now we are going to try to connect to a web page. We have an IP address of 192.168.0.3, a gateway of 192.168.0.1, and a subnet of 255.255.255.0. (This is how Internet Connection Sharing sets things up....192.168.0.1 is the adapter which will communicate with the adapter that actually sees the internet, turning that machine into a virtual router.). Now, I'm sure someone may have already asked themselves, 'Hey Drew said you only need the subnet and Gateway settings...what about DNS?'. You do not need a DNS server to communication on the internet. DNS servers are the phone books of the internet. Switches, routers and hubs don't care about Yahoo.com, they care about 66.218.71.198. The DNS setting is only put there for us humans, who remember words better then numbers. So, we open up Internet Explorer, and type in Yahoo.com. Here's what happens. First, IE is going to resolve Yahoo.com to an IP Address (which is currently 66.218.71.198). It is then going to request information from that IP Address. So how does it request this. Okay, here we get a little more involved. Ever notice that you can hit a website, an FTP server, an email server, and all sorts of other communication dependant services off of the same machine? Well that is because TCP/IP has another layer to it, other then the IP Address. Yes, an IP Address will get you to the right machine, but that doesn't do anything, you need to deliver it to the right place on the machine. Thus you have TCP/IP ports. There are 64k ports, the first thousand or so are already 'predefined' for specific purposes. For example, web requests are 80 or 8080, SMTP (Simple Mail Transport Protocol (what you use to send mail)) is 25, POP3 (Post Office Protocol 3, what you use to get email) is 110, port 13 is designated as a Time Protocol port (the atomic clock servers listen to port 13 for time requests, etc. So, Internet Explorer just assumes you are asking for port 80, so it sends bunch of packets out to 66.218.71.198, from 192.168.0.3, going to port 80. Well, that's not on your subnet, so they get sent to the gateway. The gateway then does two things. First, it changes the return address to itself (not 192.168.0.1, but the IP Address it has on it's other subnet), and then internally marks it to be rerouted back to 192.168.0.3 when it comes back. And off your packets go, from router to router, until it finds 66.218.71.198. Those packets are then returned, and your TCP/IP stack then determines which is the best 'route' to take, in order to send your data (based on how many stops and how fast the packets returned). Then your packet is sent to the correct port on 66.218.71.198. Yahoo's web server gets the request on port 80, and says 'aha', you want a webpage, but you didn't ask for anything specific, so I'm going to hand you my default page. It then sends the data back to the ICS (Internet Connection Sharing) NIC (which has a valid Internet IP Address), which in turn routes them back to you, at 192.168.0.3. Whalla, you have now downloaded a web page, and you should understand the basic concepts used to do this. Now let's get into some of the more interesting twists. We know that we use a DNS server to resolve Yahoo.com, but how do we resolve MyComputerA or MyComputerB. Now we are talking about the bane of most home networkers. If there is not a DNS server, or WINS server on the local network (WINS is Windows Internet Naming Server, and it acts much like a DNS server, but it is only used on a local LAN, not the internet), then the computers on your network have to use computer browsing. Computer browsing is a very goofy system of trying to share the phonebook responsibility. Essentially, all the computer on a network hold an election (not kidding), and decide which computer is going to be the Master Browser. The master browser then keeps the official list of who is where and has what IP address. However, if the Master Browser is turned off, then another computer gets elected. Guess what, when the original Master Browser comes back up, it is going to fight the new one. As you can guess, this process is pretty hairy, and can result in the complete demise of your LAN! <evilgrin> Most home networkers get around this by using host files, which are local files that tell each machine what the IP Addresses of the other machines on their networks are. Host files work, however, they are not dynamic. If a change is required, you're going to have to reboot. Something else that is frequently overlooked is the workgroup or DNS suffix. The DNS suffix is what is used when you query for a computer name, but not a domain. For example, yahoo.com is a domain. MyComputer is NOT a domain, it's a computer name, so when the DNS server querries for MyComputer, it is going to attach the default suffix to it. So if you have ComputerA with a default suffix of mshome.net, and ComputerB with sbc.com, what will happen when you try to ping ComputerB from ComputerA, is ComputerA will search for ComputerB.mshome.net, which doesn't exist. Now, if you look for ComputerB.sbc.com, then you'll find that, since you are specifying the DNS suffix. Trouble shooting steps. Your best friend is the ping utility. It is going to tell you lots of stuff. However, first, you need to know what your settings are. On 9x operatings systems, you go Start-->Run-->winipcfg and that will give you your IP Address info (Address, subnet, gateway, DNS servers, etc.). You will need to make sure you have the right Adapter selected though (because it will usually default to an internal adapter that you really won't care about.). Don't assume you have an IP Address correctly assigned either. IP addresses starting with 169 are usually card assigned, which means the NIC couldn't find a DHCP server, so it gave itself it's own IP Address. If you have the physical connections made correctly, yet you can't get a DHCP address for a particular computer, try manually setting the address, rebooting, then set it back to dynamic(DHCP) and reboot again. I have seen some 98 machines get a subnet of 255.255.0.0 for some reason, which is a subnet with 64k addresses. What happens is it tries to broadcast the DHCP request across that many addresses, (starting at the top), and it dies out (due to the TTL) before it hits the actual DHCP server. Setting the subnet manually to 255.255.255.0 will usually fix that. Not sure why it gets stuck like that. (It may be a setting on one of our switches). Once you have a valid IP Address from DHCP (or set manually), make sure you can ping local machines. That establishes your network connection is working. Then try to ping external Addresses. For example: C:\>ping yahoo.com should result in something like this: Pinging yahoo.com [66.218.71.198] with 32 bytes of data: Reply from 66.218.71.198: bytes=32 time=110ms TTL=243 Reply from 66.218.71.198: bytes=32 time=110ms TTL=243 Reply from 66.218.71.198: bytes=32 time=111ms TTL=243 Reply from 66.218.71.198: bytes=32 time=50ms TTL=243 Ping statistics for 66.218.71.198: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 50ms, Maximum = 111ms, Average = 95ms Notice that after 'Pinging yahoo.com', you get an IP Address in brackets. This tells you that the DNS server you have set your settings for is working. If it doesn't resolve the name, then you need to get your DNS settings corrected. Next, you get replies. Don't sweat it if the replies time out. Most sites block ping returns. Yahoo usually doesn't, so that's a good way to determine if you are getting through or not. Now, if you are running W2k or XP, pinging really just tells you if you are resolving through DNS, however, if you are using 9x, try a few pings, and see if you get sporadic returns. You're Winsock .dll's may be corrupt, you'll probably want to replace them. That's your Internet Tutorial from Drew! <grin> Personally, I recommend that if you have the money, invest in a small machine, put Windows 2000 server on it, and setup an actual Active Directory Domain, with WINS, DHCP, and DNS running on it. It will probably cost ya about $1500, or so (for the OS and machine....) but you'll have an instant plug in and go setup. I have this setup at home, I have drives automatically mapped when I log in, I can plug a computer into my network and they have immediate internet access, and I can access my network from that new machine too (with a login prompt). I can't tell you how nice it is to have a print server, because while I'm printing documents, the printserver is bogged down, not my desktop. Not too mention the ability to always be able to 'see' other machines on the network. My Dad has a slapshod home network with XP, 98, and W2k. He constantly has problems with sharing drives, connecting to the internet, etc. I get him fixed up, then he changes something, and it all goes in the can again! Hope everyone get's a good read from this! Drew ----- Original Message ----- From: "Steven W. Erbach" <serbach at new.rr.com> To: <dba-Tech at databaseadvisors.com> Sent: Monday, August 18, 2003 6:52 AM Subject: [dba-Tech] Modems > Dear Group, >